Broadcom 250-580 Exam
Endpoint Security Complete - R2 Technical Specialist (Page 3)

Updated On: 7-Feb-2026

Which Incident View widget shows the parent-child relationship of related security events?

  A. The Incident Summary Widget
  B. The Process Lineage Widget
  C. The Events Widget
  D. The Incident Graph Widget

Answer(s): B

Explanation:

The Process Lineage Widget in the Incident View of Symantec Endpoint Security provides a visual representation of the parent-child relationship among related security events, such as processes or activities stemming from a primary malicious action. This widget is valuable for tracing the origins and propagation paths of potential threats within a system, allowing security teams to identify the initial process that triggered subsequent actions. By displaying this hierarchical relationship, the Process Lineage Widget supports in-depth forensic analysis, helping administrators understand how an incident unfolded and assess the impact of each related security event in context.



Which Symantec Endpoint Protection technology blocks a downloaded program from installing browser plugins?

  A. Intrusion Prevention
  B. SONAR
  C. Application and Device Control
  D. Tamper Protection

Answer(s): C

Explanation:

The Application and Device Control technology within Symantec Endpoint Protection (SEP) is responsible for blocking unauthorized software behaviors, such as preventing a downloaded program from installing browser plugins. This feature is designed to enforce policies that restrict specific actions by applications, which includes controlling program installation behaviors, access to certain system components, and interactions with browser settings. Application and Device Control effectively safeguards endpoints by stopping potentially unwanted or malicious modifications to the browser, thus protecting users from threats that may arise from unverified or harmful plugins.



Which type of event does operation:1 indicate in a SEDR database search?

  A. File Deleted.
  B. File Closed.
  C. File Open.
  D. File Created.

Answer(s): C

Explanation:

In a Symantec Endpoint Detection and Response (SEDR) database search, an event labeled with operation:1 corresponds to a File Open action. This identifier is one of SEDR's internal operation codes used to log file interactions. When querying or analyzing events in the SEDR database, recognizing this code tells Incident Responders that the recorded action was an attempt to access or open a file on the endpoint, which may be relevant when tracking suspicious or malicious activity.



An Incident Responder has determined that an endpoint is compromised by a malicious threat.
What SEDR feature would be utilized first to contain the threat?

  A. File Deletion
  B. Incident Manager
  C. Isolation
  D. Endpoint Activity Recorder

Answer(s): C

Explanation:

When an Incident Responder determines that an endpoint is compromised, the first action to contain the threat is to use the Isolation feature in Symantec Endpoint Detection and Response (SEDR). Isolation effectively disconnects the affected endpoint from the network, thereby preventing the malicious threat from communicating with other systems or spreading within the network environment. This feature enables the responder to contain the threat swiftly, allowing further investigation and remediation steps to be conducted without risk of lateral movement by the attacker.



If an administrator enables the setting to manage policies from the cloud, what steps must be taken to reverse this process?

  A. Navigate to ICDm > Enrollment and disable the setting
  B. Unenroll the SEPM > Disable the setting > Re-enroll the SEPM
  C. Revoke policies from ICDm
  D. Revoke policies from SEPM

Answer(s): B

Explanation:

If an administrator has enabled the setting to manage policies from the cloud and needs to reverse this, they must follow these steps:

  1. Unenroll the SEPM (Symantec Endpoint Protection Manager) from cloud management (ICDm).
  2. Disable the cloud policy management setting within the SEPM.
  3. Re-enroll the SEPM in the cloud if required.

This process ensures that policy control is reverted from cloud management to local management on the SEPM. By following these steps, administrators restore full local control over policies, disabling any cloud-based management settings previously in effect.



