Sample Exam

250-511: Administration of Symantec Data Loss Prevention 11

Back to Exam Details Page

Exam Details

Number of Questions: 70-80
Exam Duration: 105 minutes
Passing Score: 77%

Answer each question then check the correct answers provided at the bottom of the page.
1. 1. How and when is a solution pack installed?
  • a. by running SolutionPackInstaller after installing the Enforce server
  • b. by running SolutionPackInstaller after installing the database
  • c. by importing the solution pack from the user interface after logging in to the console for the first time
  • d. by copying the solution pack into the bin directory on the Enforce server after installation
2. Why would online help be displayed in the default operating system language instead of the user's local language?
  • a. The language pack has been installed without using the Language Pack Utility.
  • b. The system variable of the client is set to the wrong time zone.
  • c. The Location setting in the control panel is set to the wrong country.
  • d. The language pack configuration file needs to be configured appropriately.
3. Which two traffic feed sources are used for Network Monitor? (Select two.)
  • a. Test Access Port (TAP)
  • b. Network Inspector Port (NIP)
  • c. Cisco Remote Analyzer Port
  • d. Physical Port Analyzer
  • e. Switched Port Analyzer (SPAN) port
4. Which two are valid Scanned Content filter types for the Discover File System target? (Select two.)
  • a. Read ACL filter
  • b. Metadata filter
  • c. Exclude filter
  • d. File Size filter
  • e. File Owner filter
5. What is the correct syntax sequence when creating an IP filter for Network Monitor?
  • a. +/-, source, destination
  • b. include/exclude, destination, source
  • c. include/exclude, source, destination
  • d. +/-, destination, source
6. Which feature allows a user to export incidents in HTML format?
  • a. Export Report
  • b. Incident Portlet
  • c. Web Archive
  • d. Smart Response
7. Which report type is used to export incidents using a Web Archive?
  • a. Dashboard
  • b. Incident List
  • c. Incident Summary
  • d. Incident Snapshot
8. Which roles configuration tab is used to set the custom attributes that a certain role can view or edit?
  • a. General tab
  • b. Incident Access tab
  • c. Policy Management tab
  • d. Users tab
9. When should a policy be configured to block network transmissions?
  • a. once the policy has been defined and configured
  • b. once the policy baseline risk snapshot is established
  • c. after smart responses have been configured into the policy
  • d. after the policy has been tuned for accuracy and exceptions
10. A newly installed DLP Agent is unable to communicate and authenticate with the Endpoint server.
What is a possible cause of this issue?
  • a. The DLP Agent needs to run the keystore utility prior to connecting to the Endpoint server.
  • b. The Endpoint server is located across a secure VPN from the DLP Agent.
  • c. The DLP Agent needs to be restarted within the user interface after the install.
  • d. The DLP Agent is using an encryption key that differs from the key on the Endpoint server.
11. A company has added multiple Endpoint servers to their environment to provide high-availability for DLP Agents. The AgentInstall.msi file was edited to reflect the new servers and deployed.
Why is the DLP Agent unable to connect to an Endpoint server?
  • a. The Endpoint server needs to be recycled for the change to be applied.
  • b. Multiple Endpoint servers are unsupported for Windows 7 64-bit agents.
  • c. DLP Agents reside in a different time zone than the secondary Endpoint server.
  • d. An incorrect server list delimiter was used in the AgentInstall.msi file.
12. Which detection server type must have its policy group associations configured outside of the policy group configuration page?
  • a. Endpoint server
  • b. Discover server
  • c. Network Monitor server
  • d. Network Prevent server
13. How does the Detection server receive its configuration and transmit detected incidents in Symantec Data Loss Prevention 11?
  • a. The Detection server receives configuration information from Enforce and persists incidents directly to the Oracle database.
  • b. The Detection server receives configurations from the Enforce server and persists incidents to the Enforce server.
  • c. The Detection server updates configuration changes directly to the Oracle database; all other communications are with the Enforce server.
  • d. The Detection server communicates directly with the Oracle database as well as using multicast TCP to the Enforce server.
14. When confidential data is found on an Endpoint file system during a scan, which reporting section will include the incidents?
  • a. Network Incident reports
  • b. Endpoint Incident reports
  • c. Discover Incident reports
  • d. Classification Incident reports
15. Symantec Data Loss Prevention allows an administrator to send severe system events to a syslog server.
To enable syslog logging, which file must be modified on the Enforce server?
  • a. C:\Vontu\Protect\Config\manager.policy
  • b. C:\Vontu\Protect\Config\
  • c. C:\Vontu\Protect\Config\
  • d. C:\Vontu\Protect\Config\
16. What is a benefit of Endpoint FlexResponse?
  • a. branched decision remediation
  • b. manual file quarantine
  • c. automated encryption
  • d. end user cancel
17. Which two configuration parameters does the Environment Collection Utility provide as output? (Select two.)
  • a. Policies enabled in Enforce
  • b. Virtual Memory settings for Enforce
  • c. Enforce version and build installed
  • d. Roles created in Enforce
  • e. Operating System version of the Enforce server
18. A new Indexed Document Matching (IDM) profile for the marketing department has been created. It contains mostly product information based on the same template. After enabling this IDM profile in a policy to detect 40% of the exposed document, the false positive rate is high.
What are two possible solutions for reducing the number of false positives? (Select two.)
  • a. change the required document exposure threshold to 30% to reduce the false positives change the advanced settings for IDM (IDM.IgnoreCommonText) to ignore common text
  • b. change the advanced settings for IDM (IDM.IgnoreCommonText) to ignore common text
  • c. remove all response rules from the policy while investigating further
  • d. create white-list for the common paragraphs when generating the index
  • e. create an additional IDM profile containing template files to use as an exception in the policy
19. Which web traffic should be analyzed based on best practices when implementing Network Prevent for Web?
  • a. HTTP GET requests to a web server
  • b. HTTP POST requests to a web server
  • c. FTP GET requests to a web server
  • d. HTTP OPTIONS requests to a web server
Answers: 1-a, 2-a, 3-a&e, 4-c&d, 5-d, 6-c, 7-b, 8-a, 9-d, 10-d, 11-d, 12-b, 13-b, 14-c, 15-c, 16-c, 17-c&e, 18-d&e, 19-b

Contact the Symantec Certification Team

Can't find what you're looking for? If you have questions or need further assistance, send an email to