Sample Exam

250-512: Administration of Symantec Data Loss Prevention 11.5

Back to Exam Details Page

Exam Details

Number of Questions: 90 - 100
Exam Duration: 105 minutes
Passing Score: 77%

Answer each question then check the correct answers provided at the bottom of the page.
1. Why would online help be displayed in the default operating system language instead of the user's local language?
  • a. The language pack has been installed without using the Language Pack Utility.
  • b. The system variable of the client is set to the wrong time zone.
  • c. The location setting in the control panel is set to the wrong country.
  • d. The language pack configuration file needs to be configured appropriately.
2. Which two traffic feed sources are used for Network Monitor? (Select two.)
  • a. Test Access Port (TAP)
  • b. Network Inspector Port (NIP)
  • c. Cisco Remote Analyzer Port
  • d. Physical Port Analyzer
  • e. Switched Port Analyzer (SPAN) port
3. Which two are valid Scanned Content filter types for the Discover File System target? (Select two.)
  • a. Read ACL filter
  • b. Metadata filter
  • c. Exclude filter
  • d. File Size filter
  • e. File Owner filter
4. When should a policy be configured to block network transmissions?
  • a. once the policy has been defined and configured
  • b. once the policy baseline risk snapshot is established
  • c. after smart responses have been configured into the policy
  • d. after the policy has been tuned for accuracy and exceptions
5. A newly installed DLP Agent is unable to communicate and authenticate with the Endpoint server.

What is a possible cause of this issue?
  • a. The DLP Agent needs to run the keystore utility prior to connecting to the Endpoint server.
  • b. The Endpoint server is located across a secure VPN from the DLP Agent.
  • c. The DLP Agent needs to be restarted within the user interface after the install.
  • d. The DLP Agent is using an encryption key that differs from the key on the Endpoint server.
6. A company has added multiple Endpoint servers to their environment to provide high-availability for DLP Agents. The AgentInstall.msi file was edited to reflect the new servers and deployed.

Why is the DLP Agent unable to connect to an Endpoint server?
  • a. The Endpoint server needs to be recycled for the change to be applied.
  • b. Multiple Endpoint servers are unsupported for Windows 7 64-bit agents.
  • c. DLP Agents reside in a different time zone than the secondary Endpoint server.
  • d. An incorrect server list delimiter was used in the AgentInstall.msi file.
7. How does the Detection server receive its configuration and transmit detected incidents in Symantec Data Loss Prevention 11.5?
  • a. The Detection server receives configuration information from Enforce and persists incidents directly to the Oracle database.
  • b. The Detection server receives configurations from the Enforce server and persists incidents to the Enforce server.
  • c. The Detection server updates configuration changes directly to the Oracle database; all other communications are with the Enforce server.
  • d. The Detection server communicates directly with the Oracle database as well as using multicast TCP to the Enforce server.
8. When confidential data is found on an Endpoint file system during a scan, which reporting section will include the incidents?
  • a. Network Incident reports
  • b. Endpoint Incident reports
  • c. Discover Incident reports
  • d. Classification Incident reports
9. Symantec Data Loss Prevention allows an administrator to send severe system events to a syslog server.

To enable syslog logging, which file must be modified on the Enforce server?
  • a. C:\Vontu\Protect\Config\manager.policy
  • b. C:\Vontu\Protect\Config\
  • c. C:\Vontu\Protect\Config\
  • d. C:\Vontu\Protect\Config\
10. What is a benefit of Endpoint FlexResponse?
  • a. branched decision remediation
  • b. manual file quarantine
  • c. automated encryption
  • d. end user cancel
11. Which two configuration parameters does the Environment Collection Utility provide as output? (Select two.)
  • a. Policies enabled in Enforce
  • b. Virtual Memory settings for Enforce
  • c. Enforce version and build installed
  • d. Roles created in Enforce
  • e. Operating System version of the Enforce server
12. A new Indexed Document Matching (IDM) profile for the marketing department has been created. It contains mostly product information based on the same template. After enabling this IDM profile in a policy to detect 40% of the exposed document, the false positive rate is high.

What are two possible solutions for reducing the number of false positives? (Select two.)
  • a. change the required document exposure threshold to 30% to reduce the false positives
  • b. change the advanced settings for IDM (IDM.IgnoreCommonText) to ignore common text
  • c. remove all response rules from the policy while investigating further
  • d. create white-list for the common paragraphs when generating the index
  • e. create an additional IDM profile containing template files to use as an exception in the policy
13. Which web traffic should be analyzed based on best practices when implementing Network Prevent for Web?
  • a. HTTP GET requests to a web server
  • b. HTTP POST requests to a web server
  • c. FTP GET requests to a web server
  • d. HTTP OPTIONS requests to a web server
14. What is an advantage of using a Dashboard report?
  • a. Incident responders can view correlations across multiple products.
  • b. They allow incidents to be viewed across multiple products.
  • c. They can be used as work queues for incident responders.
  • d. Incident responders can see the history of each incident.
15. Which two methods can an administrator employ to reduce the number of incidents for a given traffic flow? (Select two.)
  • a. add additional component matching to the rule
  • b. add data owner exceptions
  • c. deploy to additional detection servers
  • d. increase condition match count
  • e. add additional severities
16. A company needs to scan all of its file shares on a weekly basis to ensure sensitive data is stored correctly. The total volume of data on the file servers is greater than 1 TB.

What action will enable the company to quickly scan all of this data on a weekly basis?
  • a. Run an initial complete scan of all the file shares, then modify the scan target to add date filters and exclude any files created or modified before the initial scan was run.
  • b. Run an initial complete scan of all the file shares, then modify the scan target to an incremental scan type.
  • c. Create a separate scan target for each file share and exclude files accessed before the start of each scan.
  • d. Run an initial complete scan of all file shares, create a summary report of all incidents created by the scan, then run weekly scans and compare incidents from weekly scans to incidents from the complete scan.
17. An administrator is running a Discover Scanner target scan, and the scanner is unable to communicate back to the Discover Server.

What is the default location for storing the files?
  • a. Discover Server incoming folder
  • b. scanner's outgoing folder
  • c. scanner's incoming folder
  • d. Enforce incident persister
18. A Data Loss Prevention (DLP) administrator brings a new Endpoint server online and redirects existing DLP Agents to work with this server. The administrator notices in the Agent Overview page that the redirected agents are showing an offline status.

What causes this issue?
  • a. Active policies are disabled on this Endpoint server and pushed out to the DLP Agents.
  • b. The Agent Monitoring configuration of this new Endpoint server needs to enable the appropriate monitoring options.
  • c. The Agent Monitoring configuration of this new Endpoint server has aggressive throttling enabled for DLP Agents causing them to shut down.
  • d. The Endpoint server is listening on the default port of 8000 while the DLP Agents are using a custom port number.
19. Which task is a Mobile Device Management solution unable to perform with regard to Symantec Data Loss Prevention for Tablets?
  • a. Diagnose and test interoperability of VPN clients.
  • b. Push user and proxy root certificates.
  • c. Prevent tampering with VPN profile settings.
  • d. Enforce remediation or action if a user turns off the VPN.
20. What is the most important step in the Vector Machine Learning process according to Symantec?
  • a. collecting the documents for training
  • b. creating the VML profile
  • c. setting the memory allocation
  • d. adjusting the Similarity Threshold
Answers: 1-a, 2-a&e, 3-c&d, 4-d, 5-d, 6-d, 7-b, 8-c, 9-c, 10-c, 11-c&e, 12-d&e, 13-b, 14-b, 15-b&d, 16-b, 17-b, 18-d, 19-a, 20-a

Contact the Symantec Certification Team

Can't find what you're looking for? If you have questions or need further assistance, send an email to