Why is it important for an Incident Responder to copy malicious files to the ATP file store or create an image of the infected system during the Recovery phase?
What occurs when an endpoint fails its Host Integrity check and is unable to remediate?
An Incident Responder has noticed that for the last month, the same endpoints have been involved with malicious traffic every few days. The network team also identified a large amount of bandwidth being used over P2P protocol.
Which two steps should the Incident Responder take to restrict the endpoints while maintaining normal use of the systems? (Choose two.)
Which action should an Incident Responder take to remediate false positives, according to Symantec best practices?
A customer has information about a malicious file that has NOT entered the network. The customer wants to know whether ATP is already aware of this threat without having to introduce a copy of the file to the infrastructure.
Which approach allows the customer to meet this need?
Which SEP technology does an Incident Responder need to enable in order to enforce blacklisting on an endpoint?
An Incident Responder is going to run an indicators of compromise (IOC) search on the endpoints and wants to use operators in the expression.
Which tokens accept one or more of the available operators when building an expression?
Which default port does ATP use to communicate with the Symantec Endpoint Protection Manager (SEPM) web services?
Which National Institute of Standards and Technology (NIST) cybersecurity function includes Risk Assessment or Risk Management Strategy?
How should an ATP Administrator configure Endpoint Detection and Response according to Symantec best practices for a SEP environment with more than one domain?