Practice Free 250-604 Exam Online Questions

Which component of ICDm allows administrators to initiate remediation actions such as isolating an endpoint or deleting a malicious file?
- A. Incident Response Actions Panel
- B. Alert Management Dashboard
- C. Asset Management Console
- D. Device Inventory

How does SES Complete prevent data exfiltration from endpoints?
- A. It disconnects devices from the network
- B. It blocks known malware sites only
- C. It restricts unauthorized data transmission channels
- D. It deletes sensitive files periodically

Which two types of policy adaptations are possible using SES Complete behavior-based policy tuning? (Choose two)
- A. Whitelisting internal tools that show abnormal behavior
- B. Automatically uninstalling legacy applications
- C. Blocking applications that do not match expected behavior
- D. Changing device group names based on alert severity

What happens when SES Complete detects defense evasion activity?
- A. Policy-defined action such as alert, block, or isolate is triggered
- B. The endpoint is auto-quarantined
- C. The system logs out the user
- D. Internet access is permanently disabled

What method does SES Complete use to streamline agent enrollment for a large organization?
- A. Manual installation using USB drives
- B. Bulk enrollment through ICDm with client installation packages
- C. Endpoint configuration through Active Directory GPOs only
- D. Automatic registration through Microsoft Defender

Which MITRE ATT&CK framework step includes destroying data and rendering an endpoint inoperable?
- A. Rampage
- B. Kill Chain
- C. Exfiltration
- D. Impact

When migrating policies from SEPM to ICDm, what is a recommended best practice?
- A. Delete all SEPM policies before importing to ICDm
- B. Use the SES Complete Policy Translation tool
- C. Manually recreate policies from scratch in ICDm
- D. Disable SEPM replication during migration

Which two benefits result from submitting suspicious files to the sandbox through EDR? (Choose two)
- A. Prevention of local file sharing
- B. Detailed behavioral analysis of the file in a safe environment
- C. Immediate deletion of the file from all connected devices
- D. Automated signature creation for future threats

When analyzing suspicious files using EDR, how are files typically submitted for deeper inspection?
- A. Through the SEP Mobile App interface
- B. Via the System Lockdown command
- C. Using the “submit to sandbox” option from the alert or incident view
- D. By emailing the file to Symantec support

What prerequisite must be fulfilled before administrators can enable the Network Integrity feature within the ICDm management console for securing mobile and modern devices?
- A. The endpoints must be registered in audit-only mode before policy enforcement begins.
- B. The administrator must first apply an antivirus-only policy group to the devices.
- C. A valid Network Integrity license must be activated and associated with the device group.
- D. The cloud policy manager must be enabled on the firewall appliance.
