Practice Free 250-604 Exam Online Questions
Which controls can prevent an attacker from executing malicious scripts in SES Complete? (Choose two)
- A . Application Control
- B . Script Blocking
- C . Device Lockdown
- D . Patch Management
What is the role of the Drift Monitoring feature in SES Complete App Control?
- A . Identifying changes in application behavior against baseline policies
- B . Blocking unverified USB devices
- C . Enforcing file integrity rules
- D . Recording video footage of end-user activity
Which two steps are required to enable mobile device protection in SES Complete? (Choose two)
- A . Installing the Symantec Mobile Agent
- B . Enabling SEPM replication
- C . Disabling system lockdown
- D . Assigning the mobile device to a policy group
Why is it important to consider replication impact when implementing a hybrid Symantec security model?
- A . Because replication schedules must be synchronized with cloud sync intervals to prevent data loss.
- B . Because replication affects how SEPM sites distribute policies and content across multiple locations.
- C . Because cloud replication disables all port forwarding on domain controllers.
- D . Because replication is no longer supported when ICDm is enabled.
Which situation would justify enabling LiveShell for a particular endpoint within EDR?
- A . The endpoint is being reformatted
- B . A threat was found that requires live command-line investigation
- C . The endpoint requires reboot
- D . The endpoint must be moved to a guest network
Which component in SES Complete helps identify unusual application behavior by providing a visual representation of behavioral prevalence?
- A . App Control Dashboard
- B . Policy Events Log
- C . Behavioral Insights and Tuning Widget
- D . Endpoint Activity Recorder
Scenario: An enterprise security team notices that several users have recently accessed resources they typically do not use. TDAD has raised alerts regarding credential misuse and suspicious lateral movement patterns.
Which two actions should the team take using SES Complete? (Choose two)
- A . Switch the TDAD policy from monitor to active blocking mode
- B . Uninstall and reinstall AD group policies
- C . Investigate authentication paths flagged by TDAD
- D . Configure additional sensors on all file servers
How does SES Complete help administrators detect misconfigurations within Active Directory environments?
- A . Using TDAD’s continuous monitoring of AD policies and configurations
- B . Through built-in drift analysis
- C . By integrating with third-party vulnerability scanners
- D . Using firewall policy heatmaps
Using the ICDm console, a SES administrator issues a device command. When will the command be executed on the endpoint?
- A . At the next heartbeat
- B . When the user is idle
- C . Immediately
- D . When the endpoint reboots
What ensures smooth operation during policy migration from SEPM to ICDm in a hybrid architecture?
- A . Pausing all SEPM services during ICDm policy push
- B . Gradual transition of policies using pilot device groups
- C . Rebooting endpoints between every policy sync
- D . Disabling automatic signature updates from both consoles