Practice Free 250-604 Exam Online Questions
Which step typically initiates the threat incident lifecycle in ICDm?
- A. Quarantine of a device
- B. Execution of a scan
- C. Identification of a suspicious activity
- D. Updating of a security policy
When enabling mobile protection in SES Complete, which requirement must be fulfilled for Network Integrity to function properly?
- A. The device must be jailbroken
- B. The device must be unmanaged
- C. The Symantec Mobile Agent must be installed
- D. Only Android devices are supported
Scenario: A financial institution recently deployed SES Complete with App Control in monitor-only mode across its endpoint fleet. The security team noticed multiple alerts for behavioral deviations involving legitimate trading software.
Which two actions should the team take to appropriately respond to this situation? (Choose two)
- A. Immediately block the software at the application layer
- B. Whitelist the trading software via behavioral tuning
- C. Disable Drift Monitoring globally
- D. Review the Behavioral Insights widget to validate the software’s prevalence
Which two steps must be completed to properly configure TDAD within SES Complete? (Choose two)
- A. Deploy sensors on read-only domain controllers
- B. Assign a TDAD policy to domain-joined endpoints
- C. Install sensors on writable domain controllers
- D. Enable the “Monitor Only” mode before enforcing policy
Which two actions can administrators take within the ICDm interface to remediate a detected incident? (Choose two)
- A. Disable SELinux across endpoints
- B. Isolate the endpoint from the network
- C. Manually uninstall the antivirus
- D. Delete or quarantine malicious files
What step should be taken after EDR identifies and quarantines a suspicious file on an endpoint?
- A. Disable the policy group for that endpoint
- B. Forward the file to endpoint users for verification
- C. Reboot the endpoint to finalize quarantine
- D. Submit the file for detailed threat analysis to verify classification
What is the primary requirement before initiating the installation of Threat Defense for Active Directory in an enterprise environment?
- A. A minimum of one global exclusion policy must be created in ICDm.
- B. The organizational unit must be registered as a managed domain controller.
- C. An on-premises Domain Controller must be running and accessible to SES Complete.
- D. The client computers must have administrator-level permissions to the endpoint recorder.
What are two use cases for implementing App Control in a corporate environment? (Choose two)
- A. Blocking browser extensions on specific devices
- B. Enabling automatic domain registration
- C. Enforcing usage of approved software only
- D. Monitoring but not restricting behaviors initially
Which policy should an administrator edit to utilize the Symantec LiveUpdate server for pre-release content?
- A. The System Policy
- B. The LiveUpdate Policy
- C. The System Schedule Policy
- D. The Firewall Policy
Which key functionality does the hybrid integration between SEPM and ICDm enable?
- A. Automatic rollback of endpoint definitions
- B. Seamless policy migration and coexistence
- C. Centralized audit logging through SEPM only
- D. LiveShell support for unmanaged endpoints
