Number of Questions: 75-85
Exam Duration: 105 minutes (with Borderline survey included)
Passing Score: 70%
Answer each question then check the correct answers provided at the bottom of the page.
1. Which change to the Policies page is visible after successfully installing Symantec Network Access Control?
- a. Host Compliance
- b. Host Checking
- c. Host Integrity
- d. Host Assessment
2. Which function can Host Integrity provide?
- a. Application Control
- b. Enforcement
- c. Remediation
- d. Remote Enforcement
3. Where can an administrator view compliance log files?
- a. from the specific client in the Symantec Network Access Control log
- b. from the Symantec Endpoint Protection Manager Console on the Monitors page
- c. from the Symantec Endpoint Protection Manager Console on the Admin page
- d. from the Enforcer debug logs
4. What is the default password for the Enforcer user accounts?
- a. symantec
- b. sysadmin
- c. [blank]
- d. symadmin
5. How many network interfaces are manually configured during the initial configuration of a Gateway Enforcer?
6. When running the Symantec Network Access Control Integrated Enforcer for Integrated Enforcers, in which two ways are endpoints allowed on the network without a quarantine IP address? (Select two.)
- a. Trusted subnet exceptions
- b. DNS scope based exceptions
- c. DHCP scope based exceptions
- d. Trusted Hosts IP based exceptions
- e. Trusted Hosts MAC address exceptions
7. Which command secures the communication between the Enforcer appliance and the policy manager?
- a. Enforcer#> configure spm encrypt key
- b. Enforcer#> configure spm key
- c. Enforcer#> configure spm pre-shared key
- d. Enforcer#> configure spm key encrypt
8. What is used to move log files off the Enforcer appliance?
- a. SSH
- b. TFTP
- c. FTP
- d. SCP
9. Which technique will enable a Host Integrity policy to process all checks even if they fail?
- a. Change policy mode from production to test.
- b. Enable "Allow Host Integrity check to pass" in each check.
- c. Change policy mode from test to production.
- d. Enable "Log Only Host Integrity Checks" in each check.
10. Which two files should be backed up in preparation for a maintenance release upgrade? (Select two.)
- a. [recovery_date].zip
- b. [date_timestamp].zip
- c. [restore_date].zip
- d. [config_properties].zip
- e. [recovery_timestamp].zip
11. Which two operating systems are supported by the Symantec Network Access Control persistent client? (Select two.)
- a. Mac OS IX
- b. Windows 2000 SP3
- c. Windows XP
- d. Windows 7 64-bit
- e. Red Hat Enterprise Linux 6
12. What is the purpose of the Symantec On-Demand client?
- a. to scan incoming computers for viruses
- b. to provide guest Host Integrity checking
- c. to provide virtual desktop
- d. to clear session information
13. How are Host Integrity policies applied to a particular location?
- a. in the Symantec Endpoint Protection Manager on the Clients > Policies tab
- b. in the Symantec Endpoint Protection Manager under Admin > Servers
- c. in the Symantec Endpoint Protection Manager under Host > Location
- d. in the Symantec Endpoint Protection Manager under Policies > Location Awareness
14. How should the Gateway Enforcer be configured to minimize the affect on endpoint traffic during an initial testing phase?
- a. for Training Mode
- b. for Test Mode
- c. for Pilot Mode
- d. for Learning Mode
15. How can a custom script that checks for an application version be tested without the threat of blocking users from the network?
- a. Mark the "Allow the Host Integrity check to pass even if this requirement fails" checkbox in the Custom Requirement window.
- b. Clear the "Continue to check requirements after one fails" checkbox in the Advanced settings section of the Host Integrity Policy window.
- c. Clear the "Enable" checkbox in the requirements section of the Host Integrity policy window.
- d. Mark the "Show a new process window" checkbox in the Custom Requirement window.
16. How many network interfaces are used when configuring a LAN Enforcer?
17. A Symantec Network Access Control administrator has deployed two Gateway Enforcers in failover mode. The administrator needs to be sure that Gateway Enforcer 1 is the active gateway and Gateway Enforcer 2 is the backup gateway.
How does the administrator ensure the initial active gateway is Gateway Enforcer 1?
- a. Set Gateway Enforcer 1 as the primary gateway in the Symantec Endpoint Protection Manager.
- b. Start the Gateway Enforcer 1 before Gateway Enforcer 2.
- c. Set Gateway Enforcer 2 as a backup gateway in the Symantec Endpoint. Protection Manager
- d. Start the Gateway Enforcer 2 before Gateway Enforcer 1.
18. In an environment in which endpoints have only the Virus and Spyware Protection technology deployed, which additional feature must be deployed for Self-enforcement to work?
- a. "Proactive Threat Protection" with only the "Application and Device Control" selected
- b. "Proactive Threat Protection" with only "Sonar" selected
- c. "Network Threat Protection" with only "Intrusion Prevention" selected
- d. "Network Threat Protection" with only "Firewall" selected
19. Which port is used for the http redirect on the Gateway Enforcer by default?
- a. 9090
- b. 90
- c. 8080
- e. 80
20. Which information can be obtained from the Kernel.log file?
- a. detailed heartbeat information
- b. enforcer and policy manager communications
- c. client re-authentication messages
- d. policy downloads
Answers: 1-c, 2-c, 3-b, 4-a, 5-a, 6-c&e, 7-b, 8-b, 9-b, 10-c&d, 11-c&d, 12-b, 13-a, 14-d, 15-a, 16-a, 17-b, 18-d, 19-d, 20-c
Contact the Symantec Certification Team
Can't find what you're looking for?
If you have questions or need further assistance, send an email to firstname.lastname@example.org