Broadcom 250-580 Exam
Endpoint Security Complete - R2 Technical Specialist (Page 11 )

Updated On: 12-Jan-2026

In the Virus and Spyware Protection policy, an administrator sets the First action to Clean risk and sets If first action fails to Delete risk.
Which two (2) factors should the administrator consider? (Select two.)

  A. The deleted file may still be in the Recycle Bin.
  B. IT Analytics may keep a copy of the file for investigation.
  C. False positives may delete legitimate files.
  D. Insight may back up the file before sending it to Symantec.
  E. A copy of the threat may still be in the quarantine.

Answer(s): C,E

Explanation:

When configuring a Virus and Spyware Protection policy with the actions to "Clean risk" first and "Delete risk" if cleaning fails, two important considerations are:
False Positives (C): There is a risk that legitimate files may be falsely identified as threats and deleted if the cleaning action fails. This outcome underscores the importance of careful policy configuration to avoid loss of important files.
Quarantine Copy (E): Even if a file is deleted, a copy might still remain in the quarantine. This backup allows for retrieval if the deletion was a false positive or if further analysis of the file is required for investigation purposes.
These considerations help administrators avoid unintended data loss and maintain flexibility for future review of quarantined threats.



What protection technology should an administrator enable to prevent double executable file names of ransomware variants like Cryptolocker from running?

  A. Download Insight
  B. Intrusion Prevention System
  C. SONAR
  D. Memory Exploit Mitigation

Answer(s): C

Explanation:

To prevent ransomware variants, such as Cryptolocker, from executing with double executable file names, an administrator should enable SONAR (Symantec Online Network for Advanced Response). SONAR detects and blocks suspicious behaviors based on file characteristics and real-time monitoring, which is effective in identifying malicious patterns associated with ransomware. By analyzing unusual behaviors, such as double executable file names, SONAR provides proactive protection against ransomware threats before they can cause harm to the system.



Which Indicator of Compromise might be detected as variations in the behavior of privileged users that indicate that their account is being used by someone else to gain a foothold in an environment?

  A. Mismatched Port - Application Traffic
  B. Irregularities in Privileged User Account Activity
  C. Surges in Database Read Volume
  D. Geographical Irregularities

Answer(s): B

Explanation:

An Indicator of Compromise (IOC), such as irregularities in privileged user account activity, can signal that a privileged account may be compromised and used maliciously. This can involve deviations from typical login times, unusual commands or requests, or access to resources not typically utilized by the user. Monitoring such anomalies can help detect when an attacker has gained access to a privileged account and is attempting to establish control within the environment.



Why is Active Directory a part of nearly every targeted attack?

  A. AD administration is managed by weak legacy APIs.
  B. AD is, by design, an easily accessed flat file name space directory database.
  C. AD exposes all of its identities, applications, and resources to every endpoint in the network.
  D. AD user attribution includes hidden elevated admin privileges.

Answer(s): C

Explanation:

Active Directory (AD) is commonly targeted in attacks because it serves as a central directory for user identities, applications, and resources accessible across the network. This visibility makes it an attractive target for attackers to exploit for lateral movement, privilege escalation, and reconnaissance. Once compromised, AD provides attackers with significant insight into an organization's internal structure, enabling further exploitation and access to sensitive data.



Which technology can prevent an unknown executable from being downloaded through a browser session?

  A. Intrusion Prevention
  B. Insight
  C. Application Control
  D. Advanced Machine Learning

Answer(s): B

Explanation:

Symantec Insight technology can prevent the download of unknown executables through a browser session by leveraging a cloud-based reputation service. Insight assesses the reputation of files based on data collected from millions of endpoints, blocking downloads that are unknown or have a low reputation. This technology is particularly effective against zero-day threats or unknown files that do not yet have established signatures.



What should an administrator know regarding the differences between a Domain and a Tenant in ICDm?

  A. A tenant can contain multiple domains.
  B. Each customer can have one domain and many tenants.
  C. A domain can contain multiple tenants.
  D. Each customer can have one tenant and no domains.

Answer(s): A

Explanation:

In Integrated Cyber Defense Manager (ICDm), a tenant can encompass multiple domains, allowing organizations with complex structures to manage security across various groups or departments within a single tenant. Each tenant represents an overarching entity, while domains within a tenant enable separate administration and policy enforcement for different segments, providing flexibility in security management across large enterprises.



Which type of file attribute is valid for creating a block list entry with Symantec Endpoint Detection and Response (SEDR)?

  A. SHA256
  B. Type
  C. Date Created
  D. Filename

Answer(s): A

Explanation:

When creating a block list entry in Symantec Endpoint Detection and Response (SEDR), the SHA256 hash is a valid file attribute. SHA256 uniquely identifies files based on their content, making it a reliable attribute for ensuring that specific files, regardless of their names or creation dates, are accurately blocked. This hashing method helps prevent identified malicious files from executing, regardless of their locations or renaming attempts by attackers.



Which SES feature helps administrators apply policies based on specific endpoint profiles?

  A. Policy Bundles
  B. Device Profiles
  C. Policy Groups
  D. Device Groups

Answer(s): D

Explanation:

In Symantec Endpoint Security (SES), Device Groups enable administrators to apply policies based on specific endpoint profiles. Device Groups categorize endpoints according to characteristics like department, location, or device type, allowing tailored policy application that meets the specific security needs of each group. By using Device Groups, administrators can efficiently manage security policies, ensuring relevant protections are applied based on the endpoint's profile.


