250-438 Free Practice Test

Which action should a DLP administrator take to secure communications between an on-premises Enforce server and detection servers hosted in the Cloud?

1. A. Use the built-in Symantec DLP certificate for the Enforce Server, and use the “sslkeytool” utility to create certificates for the detection servers.
2. B. Use the built-in Symantec DLP certificate for both the Enforce server and the hosted detection servers.
3. C. Set up a Virtual Private Network (VPN) for the Enforce server and the hosted detection servers.
4. D. Use the “sslkeytool” utility to create certificates for the Enforce server and the hosted detection servers.

Correct Answer: A
Reference: https://www.symantec.com/connect/articles/sslkeytool-utility-and-server-certificates

What is the correct configuration for “BoxMonitor.Channels” that will allow the server to start as a Network Monitor server?

1. A. Packet Capture, Span Port
2. B. Packet Capture, Network Tap
3. C. Packet Capture, Copy Rule
4. D. Packet capture, Network Monitor

Correct Answer: C
Reference: https://support.symantec.com/en_US/article.TECH218980.html

What detection server is used for Network Discover, Network Protect, and Cloud Storage?

1. A. Network Protect Storage Discover
2. B. Network Discover/Cloud Storage Discover
3. C. Network Prevent/Cloud Detection Service
4. D. Network Protect/Cloud Detection Service

Correct Answer: B
Reference: https://help.symantec.com/cs/dlp15.0/DLP/v16110606_v120691346/Modifying-the-Network-Discover-Cloud-Storage-Discover-Server-configuration?locale=EN_US

An organization wants to restrict employees to copy files only a specific set of USB thumb drives owned by the organization.
Which detection method should the organization use to meet this requirement?

1. A. Exact Data Matching (EDM)
2. B. Indexed Document Matching (IDM)
3. C. Described Content Matching (DCM)
4. D. Vector Machine Learning (VML)

Correct Answer: D

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the Cisco’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.
What is the probable reason that the User Risk Summary report is blank?

1. A. Only DLP administrators are permitted to access and view data for high risk users.
2. B. The Enforce server has insufficient permissions for importing user attributes.
3. C. User attribute data must be configured separately from incident data attributes.
4. D. User attributes have been incorrectly mapped to Active Directory accounts.

Correct Answer: D