Symantec Administration of Symantec Advanced Threat Protection 3.0

1.

Why is it important for an Incident Responder to analyze an incident during the Recovery phase?

To determine the best plan of action for cleaning up the infection To isolate infected computers on the network and remediate the threat To gather threat artifacts and review the malicious code in a sandbox environment To access the current security plan, adjust where needed, and provide reference materials in the event of a similar incident

2.

How does an attacker use a zero-day vulnerability during the Incursion phase?

To perform a SQL injection on an internal server To extract sensitive information from the target To perform network discovery on the target To deliver malicious code that breaches the target

3.

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

It ensures that the Incident is resolved, and the responder can clean up the infection. It ensures that the Incident is resolved, and the responder can determine the best remediation method. It ensures that the Incident is resolved, and the threat is NOT continuing to spread to other parts of the environment. It ensures that the Incident is resolved, and the responder can close out the incident in the ATP manager.

4.

What is the role of Cynic within the Advanced Threat Protection (ATP) solution?

Reputation-based security Event correlation Network detection component Detonation/sandbox

5.

Which section of the ATP console should an ATP Administrator use to create blacklists and whitelists?

Reports Settings Action Manager Policies

Symantec Administration of Symantec Advanced Threat Protection 3.0

Congratulations

COMPANY

Products

OTHERS

Partner

Symantec Administration of Symantec Advanced Threat Protection 3.0

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner