ST0-237 Symantec Loss Prevention Technical Practice Exam Set 2

While performing a disk group joins operation, you get an error "VxVM vxdg ERROR V-5-1- 2866 object: Record already exists in disk group." You want to resolve this error. How should you resolve this error?


Options are :

  • Delete the disk group and recreate it with another name.
  • Change the object name in the disk group.
  • Import a disk group and rename it.
  • Change the object name to same as disk group.

Answer : Change the object name in the disk group.

ST0-237 Symantec Data Loss Prevention 12 Technical Test Set 5

Which file is required to decrypt the edpa_ext0.log using the Endpoint Agent logdump utility?


Options are :

  • ks.ead
  • cg.ead
  • dcs.ead
  • is.ead

Answer : ks.ead

A user is unable to log in as sysadmin. The Data Loss Prevention system is configured to use Active Directory authentication. The user is a member of two roles: sysadmin and remediator. How should the user log in to the user interface in the sysadmin role?


Options are :

Answer : sysadmin\username

A compliance officer needs to understand how the company is complying with its data security policies over time. Which report should the compliance officer generate to obtain the compliance information?


Options are :

  • Policy report, filtered on date, and summarized by policy
  • Policy report, filtered on quarter, and summarized by policy
  • Policy Trend report, summarized by policy, then severity
  • Policy Trend report, summarized by policy, then quarter

Answer : Policy Trend report, summarized by policy, then quarter

ST0-095 ST0-095 Symantec Technical Foundations Security Exam Set 2

What is the most efficient policy so that incidents are generated only when a specific user under investigation sends encrypted files?


Options are :

  • a policy that has two conditions
  • a policy that has one condition
  • a policy that has two exceptions
  • a policy that has one exception

Answer : a policy that has two conditions

An incident responder can see basic incident data, but is unable to view specific details of the incident. What could be wrong with the configuration in the incident responder's role?


Options are :

  • Server administration rights are deselected.
  • Incident Access tab conditions are specified.
  • Available Smart Response rules are deselected
  • View option is selected and all display attributes are deselected.

Answer : View option is selected and all display attributes are deselected.

The DLP services on an Endpoint Server keep stopping. The only events displayed in the Enforce UI are that the server processes have stopped. What is the first step the administrator should take to keep the services on the Endpoint server running?


Options are :

  • Exclude the DLP directories from any scheduled or real-time virus scanning
  • Perform a complete uninstall and reinstall of the Product
  • Remove the Endpoint server from the UI and add it again
  • Install malware detection software on the server

Answer : Exclude the DLP directories from any scheduled or real-time virus scanning

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 5

A network architect needs to install Symantec Data Loss Prevention detection servers in a hosted environment. Which action should the network architect take to ensure secured communication between the detection server and the Enforce server?


Options are :

  • generate a certificate directly on each detection server
  • use the built-in Symantec Data Loss Prevention certificate for the hosted server
  • generate identical certificates for on-premise servers and identical certificates for hosted servers
  • use the sslkeytool utility to create multiple unique certificates for each detection server

Answer : use the sslkeytool utility to create multiple unique certificates for each detection server

Consider a situation where you run the vxdmpadm start restore command and encounter an error message ?VxVM vxdmpadm ERROR V-5-1-3243 The VxVM restore daemon is already running? How will you solve this error?


Options are :

  • Stop vxdmpadm and start vxdarestore.
  • Stop vxdmpadm and restart vxdmpadm.
  • Stop vxdmpadm and reboot the system.
  • Restart the all the VxVM daemons.

Answer : Stop vxdmpadm and restart vxdmpadm.

You execute the vxtrace command without any option to collect I/O trace data on all virtual disk drives during peak I/O operations. When you start to analyze the data, you notice that vxtrace displays a record indicating records are lost. You want to reduce the likelihood of the kernel discarding records so that you don't have to rerun vxtrace to capture the records. What should you do?


Options are :

  • Wait until I/O operations have decreased
  • Print vxtrace event records to a file
  • Increase the kernel buffer using the ľo option
  • Increase the kernel buffer

Answer : Increase the kernel buffer

ST0-248 Symantec Storage Foundation 6.1 UNIX Technical Exam Set 8

Ten test agents are being deployed that use an uninstall password required to uninstall the DLP Agent. The agents deploy and install correctly. Upon testing to remove the Agent, the uninstall password fails to work. The deployment team used 'Symantec' for the UninstallPasswordKey. Why does the uninstall fail when using the same password?


Options are :

  • uninstall passwords are restricted from containing the word 'Symantec'
  • the UninstallPwdKeyGenerator must be used to create an UninstallPasswordKey
  • the PGPsdk.dll file was missing when the key was created
  • the uninstall agent password needs to match the uninstall password key

Answer : the UninstallPwdKeyGenerator must be used to create an UninstallPasswordKey

You work in a Server Operations Center (SOC) with other administrators monitoring VxVM background tasks after you initiate them. You need to set up a VxVM task so that these SOC administrators can track your background tasks against the change control documentation. What would you do address this requirement?


Options are :

  • Use the vxtask tag command to associate the task id with the change control number.
  • Use the vxtask label command to mark the task with the change control number.
  • Use the "-n" flag to associate the task with the change control number
  • Use the "-t" flag to mark the task with the change control number.

Answer : Use the "-t" flag to mark the task with the change control number.

Which traffic type is excluded from analysis when an administrator uses Network Monitor?


Options are :

  • Skype
  • NNTP
  • Telnet
  • Yahoo! Instant Messenger

Answer : Skype

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 2

A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display. Why are the processes missing from the Server Detail page display?


Options are :

  • The detection server Display Control Process option is disabled on the Server Detail page.
  • The Advanced Process Control setting on the System Settings page is deselected.
  • The Display Process Control setting on the Advanced Settings page is disabled.
  • The detection server PacketCapture process is displayed on the Server Overview page.

Answer : The Advanced Process Control setting on the System Settings page is deselected.

Which two Diagnostic Logging Settings can be configured under the Systems > Servers > Logs - Configuration tab in the Enforce UI? (Select two.)


Options are :

  • Discover Trace Logging
  • Packet Capture Debug Logging
  • Described Content Matching Incident Logging
  • Endpoint Debug Logging
  • Aggregator Debug Logging

Answer : Discover Trace Logging Packet Capture Debug Logging

How is data moved to the servers at Symantec when auto-transmission of Supportability Telemetry data is enabled?


Options are :

  • HTTPS POST to Symantec from Agents
  • HTTPS POST to Symantec from Enforce
  • HTTP POST to Symantec from Enforce
  • HTTP POST to Symantec from Agents

Answer : HTTPS POST to Symantec from Enforce

ST0-247 Symantec Cluster Server 6.1 for UNIX Certifate Exam Set 8

An administrator is attempting to uninstall a version 11.6 DLP Agent, but the uninstall password fails to remove the agent. The group who set the initial password is unavailable. Which two options are available to address the password issue? (Select two.)


Options are :

  • reboot and login to Safe Mode and use Add / Remove Programs to uninstall the Agent
  • use Regedit.exe and delete the related Endpoint registry entries
  • upgrade the agent to version 12 with a newly generated UninstallPasswordKey
  • contact Symantec Support to obtain the Clean Agent tool
  • manually uninstall the agent by stopping the EDPA and WDP services, then remove all related program files

Answer : upgrade the agent to version 12 with a newly generated UninstallPasswordKey contact Symantec Support to obtain the Clean Agent tool

An incident responder is viewing a discover incident snapshot and needs to determine which information to provide to the next level responder. Which information would be most useful in assisting the next level responder with data clean-up?


Options are :

  • Incident Details: Message Body content
  • Access Information: File Permissions
  • Incident Details: File Owner metadata
  • Custom Attributes: Most Active User from Data Insight

Answer : Custom Attributes: Most Active User from Data Insight

Which two fallback options are available for a 'Network Prevent: Remove HTTP/HTTPS' content response rule when a web-based message contains confidential data? (Select two.)


Options are :

  • Block the content from being posted
  • Allow the content to be posted
  • Encrypt the content before posting
  • Remove the content through FlexResponse
  • Redirect the content to an alternative destination

Answer : Block the content from being posted Allow the content to be posted

ST0-91W ST0-91W Symantec NetBackup 7.0 For Windows Exam Set 11

What should an incident responder select to remediate multiple incidents simultaneously?


Options are :

  • Smart Response on an Incident List report
  • Automated Response on the Incident Snapshot page
  • Smart Response on the Incident Snapshot page
  • Automated Response on an Incident List report

Answer : Smart Response on an Incident List report

Which two options are available when selecting an incident for deletion? (Select two.)


Options are :

  • Delete all attachments or files and export incident to .XML file
  • Delete the incident and retain the original message
  • Delete the incident completely
  • Delete the incident and export incident details to .CSV file
  • Delete the original message and retain the incident

Answer : Delete the incident completely Delete the original message and retain the incident

You are performing a move operation under VxVM control. You cannot find the disk involved in a disk group. In addition, you get the following error message: "VxVM vxconfigd ERROR V-5-1-4551 dg_move_recover: can't locate disk(s), giving up" How should you resolve this error?


Options are :

  • Use vxdisk command to import a disk group.
  • Use vxassist command to clean the disk group to be imported.
  • Use vxconfigd command to import a disk group.
  • Use vxdg command to clean the disk group to be imported.

Answer : Use vxdg command to clean the disk group to be imported.

ST0-248 Symantec Storage Foundation 6.1 UNIX Technical Exam Set 4

Which two products are leveraged for Network Prevent integration? (Select two.)


Options are :

  • Load Balancer
  • Span Port
  • Mail Transfer Agent
  • Network Tap
  • Proxy Server

Answer : Mail Transfer Agent Proxy Server

Which DLP Agent task is unique to the Symantec Management Platform and is unavailable through the Enforce console?


Options are :

  • Restart agent
  • Toggle print screen
  • Pull agent logs
  • Change Endpoint server

Answer : Toggle print screen

Which version of Oracle does Symantec Data Loss Prevention version 12.0 require for new installations or upgrading from 11.x to 12.0?


Options are :

  • 11.2.0.2
  • 10.2.0.4
  • 10.2.0.1
  • 11.2.0.3

Answer : 11.2.0.3

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 6

Which two pieces of system information are collected by Symantec Data Loss Prevention Supportability Telemetry? (Select two.)


Options are :

  • Number of policies currently deployed
  • Cumulative statistics regarding network traffic
  • Currently installed version of the Enforce Server
  • Number of system alerts generated daily
  • File types for which there are incidents

Answer : Currently installed version of the Enforce Server File types for which there are incidents

You have replaced disks on a system under the VxVM control and you get an error ?VxVM vxconfigrestore ERROR V-5-1-6012 There are two backups that have the same disk group name with different disk group id?. How will you resolve this error?


Options are :

  • Rename one of the disk groups.
  • Specify the disk group by its name rather than by its ID.
  • Specify the disk group by its ID rather than by its name.
  • Delete the backup file, in dginfo, /etc/vx/cbr/bk/diskgroup. dgid/ dgid.dginfo.

Answer : Specify the disk group by its ID rather than by its name.

You want to remove the disk named datadg01 from the disk group named datadg. You also want to remove the public and private regions from the disk. However, you want to retain the data stored on the disk. Which commands will you use to achieve this?


Options are :

  • vxremove vxdg evac vxdisk rmdisk
  • vxevac vxdg rmdisk vxdiskunsetup
  • vxdiskunsetup vxdg rmdisk vxevac
  • vxdg rmdisk vxevac vxdiskunsetup

Answer : vxdg rmdisk vxevac vxdiskunsetup

ST0-91W ST0-91W Symantec NetBackup 7.0 for Windows Exam Set 2

A Network Monitor server has been installed and the networking components configured accordingly. The server is receiving traffic, but fails to detect incidents. Running Wireshark indicates that the desired traffic is reaching the detection server. What is the most likely cause for this behavior?


Options are :

  • The mirrored port is sending corrupted packets.
  • The wrong interface is selected in the configuration.
  • The communication to the database server is interrupted.
  • The configuration is set to process GET requests.

Answer : The mirrored port is sending corrupted packets.

Which endpoint database file should be used to tune and change debugging levels?


Options are :

  • ps.ead
  • cg.ead
  • am.ead
  • ks.ead

Answer : cg.ead

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions