Exam Details
Number of Questions: 75-85
Exam Duration: 105 minutes (with Borderline survey included)
Passing Score: 70%
Answer each question then check the correct answers provided at the bottom of the page.1. Which change to the Policies page is visible after successfully installing Symantec Network Access Control?
- a. Host Compliance
- b. Host Checking
- c. Host Integrity
- d. Host Assessment
2. Which function can Host Integrity provide?
- a. Application Control
- b. Enforcement
- c. Remediation
- d. Remote Enforcement
3. Where can an administrator view compliance log files?
- a. from the specific client in the Symantec Network Access Control log
- b. from the Symantec Endpoint Protection Manager Console on the Monitors page
- c. from the Symantec Endpoint Protection Manager Console on the Admin page
- d. from the Enforcer debug logs
4. What is the default password for the Enforcer user accounts?
- a. symantec
- b. sysadmin
- c. [blank]
- d. symadmin
5. How many network interfaces are manually configured during the initial configuration of a Gateway Enforcer?
6. When running the Symantec Network Access Control Integrated Enforcer for Integrated Enforcers, in which two ways are endpoints allowed on the network without a quarantine IP address? (Select two.)
- a. Trusted subnet exceptions
- b. DNS scope based exceptions
- c. DHCP scope based exceptions
- d. Trusted Hosts IP based exceptions
- e. Trusted Hosts MAC address exceptions
7. Which command secures the communication between the Enforcer appliance and the policy manager?
- a. Enforcer#> configure spm encrypt key
- b. Enforcer#> configure spm key
- c. Enforcer#> configure spm pre-shared key
- d. Enforcer#> configure spm key encrypt
8. What is used to move log files off the Enforcer appliance?
- a. SSH
- b. TFTP
- c. FTP
- d. SCP
9. Which technique will enable a Host Integrity policy to process all checks even if they fail?
- a. Change policy mode from production to test.
- b. Enable "Allow Host Integrity check to pass" in each check.
- c. Change policy mode from test to production.
- d. Enable "Log Only Host Integrity Checks" in each check.
10. Which two files should be backed up in preparation for a maintenance release upgrade? (Select two.)
- a. [recovery_date].zip
- b. [date_timestamp].zip
- c. [restore_date].zip
- d. [config_properties].zip
- e. [recovery_timestamp].zip
11. Which two operating systems are supported by the Symantec Network Access Control persistent client? (Select two.)
- a. Mac OS IX
- b. Windows 2000 SP3
- c. Windows XP
- d. Windows 7 64-bit
- e. Red Hat Enterprise Linux 6
12. What is the purpose of the Symantec On-Demand client?
- a. to scan incoming computers for viruses
- b. to provide guest Host Integrity checking
- c. to provide virtual desktop
- d. to clear session information
13. How are Host Integrity policies applied to a particular location?
- a. in the Symantec Endpoint Protection Manager on the Clients > Policies tab
- b. in the Symantec Endpoint Protection Manager under Admin > Servers
- c. in the Symantec Endpoint Protection Manager under Host > Location
- d. in the Symantec Endpoint Protection Manager under Policies > Location Awareness
14. How should the Gateway Enforcer be configured to minimize the affect on endpoint traffic during an initial testing phase?
- a. for Training Mode
- b. for Test Mode
- c. for Pilot Mode
- d. for Learning Mode
15. How can a custom script that checks for an application version be tested without the threat of blocking users from the network?
- a. Mark the "Allow the Host Integrity check to pass even if this requirement fails" checkbox in the Custom Requirement window.
- b. Clear the "Continue to check requirements after one fails" checkbox in the Advanced settings section of the Host Integrity Policy window.
- c. Clear the "Enable" checkbox in the requirements section of the Host Integrity policy window.
- d. Mark the "Show a new process window" checkbox in the Custom Requirement window.
16. How many network interfaces are used when configuring a LAN Enforcer?
17. A Symantec Network Access Control administrator has deployed two Gateway Enforcers in failover mode. The administrator needs to be sure that Gateway Enforcer 1 is the active gateway and Gateway Enforcer 2 is the backup gateway.
How does the administrator ensure the initial active gateway is Gateway Enforcer 1?
- a. Set Gateway Enforcer 1 as the primary gateway in the Symantec Endpoint Protection Manager.
- b. Start the Gateway Enforcer 1 before Gateway Enforcer 2.
- c. Set Gateway Enforcer 2 as a backup gateway in the Symantec Endpoint. Protection Manager
- d. Start the Gateway Enforcer 2 before Gateway Enforcer 1.
18. In an environment in which endpoints have only the Virus and Spyware Protection technology deployed, which additional feature must be deployed for Self-enforcement to work?
- a. "Proactive Threat Protection" with only the "Application and Device Control" selected
- b. "Proactive Threat Protection" with only "Sonar" selected
- c. "Network Threat Protection" with only "Intrusion Prevention" selected
- d. "Network Threat Protection" with only "Firewall" selected
19. Which port is used for the http redirect on the Gateway Enforcer by default?
- a. 9090
- b. 90
- c. 8080
- e. 80
20. Which information can be obtained from the Kernel.log file?
- a. detailed heartbeat information
- b. enforcer and policy manager communications
- c. client re-authentication messages
- d. policy downloads
Answers: 1-c, 2-c, 3-b, 4-a, 5-a, 6-c&e, 7-b, 8-b, 9-b, 10-c&d, 11-c&d, 12-b, 13-a, 14-d, 15-a, 16-a, 17-b, 18-d, 19-d, 20-c
Contact the Symantec Certification Team
Can't find what you're looking for?
If you have questions or need further assistance, send an email to
global_exams@symantec.com.
