Sample Exam

250-311: Administration of Symantec Endpoint Protection 11.0 for Windows

Back to Exam Details Page

Exam Details

# of Questions: 70 - 80
Exam Duration: 90 minutes
Passing score: 79%

Answer each question then check the correct answers provided at the bottom of the page.
1. The Find Unmanaged Computers task allows you to search for computers based on _____.
  • a. operating system
  • b. software version
  • c. IP address
  • d. user
2. An administrator wants to allow users to block all traffic to their computers in the event of an outbreak, but wants to prevent them from being able to disable Network Threat Protection.

How would the administrator accomplish this?
  • a. set Communications Settings as Push
  • b. set Communications Settings as Pull
  • c. set Client User Interface Control Settings as Client control
  • d. set Client User Interface Control Settings as Mixed control
3. Which two actions should be taken to prevent virus and worms from compromising end points within a network? (Choose two.)
  • a. ensure security patches are kept up-to-date
  • b. use an alternate browser
  • c. run regular scans
  • d. encrypt all passwords
  • e. edit the registry
4. An administrator wants to minimize the time it takes to create application specific firewall rules.

Which method of tracking applications results in the fewest configuration changes to ease firewall rule creation?
  • a. tracking applications on the Site Properties
  • b. tracking applications in the Intrusion Prevention policy
  • c. tracking applications in the Host Integrity policy
  • d. tracking applications through Management Server Lists
5. What is the function of DHCP Smart Traffic Filtering?
  • a. checks for IP spoofing
  • b. defines permitted DHCP servers
  • c. allows DHCP requests and replies
  • d. limits DHCP to the local subnet
6. An administrator is installing a second Symantec Endpoint Protection Manager in a site for failover. All clients will connect only to the first management server for policies and content unless the first server fails.

What should be configured to achieve this goal?
  • a. configure each server with the same priority in the Management Server list
  • b. edit the group's communication settings on the Policy tab and select the Failover option
  • c. configure a different priority for each server in the Management Server list
  • d. edit the Local Site properties, and on the General tab, select the option for Failover
7. In the Symantec Endpoint Protection Manager (SEPM), Management Server Lists provide administrators options to configure failover and load balancing of _____.
  • a. Group Update Providers
  • b. domains
  • c. SEPMs
  • d. databases
8. Which statement is true about Device Control when creating installation packages?
  • a. If you disable Network Threat Protection, Device Control is automatically disabled.
  • b. If you disable Device Control, Network Threat Protection is automatically disabled.
  • c. If you disable Proactive Threat Protection, Device Control is automatically disabled.
  • d. If you disable Device Control, Proactive Threat Protection is automatically disabled.
9. Which two statements are true about Symantec Endpoint Protection TruScan Proactive Threat Scan? (Choose two.)
  • a. It inspects encrypted network traffic.
  • b. It evaluates process behavior.
  • c. It uses malicious code detection signatures.
  • d. It blocks attackers' IP addresses.
  • e. It detects unknown threats.
10. To configure an On-demand scan, which policy do you need to configure?
  • a. Antivirus and Antispyware
  • b. Firewall
  • c. Host Integrity
  • d. LiveUpdate
11. As part of regular operational maintenance, which utility can back up the Symantec Endpoint Protection embedded database?
  • a. SQL Enterprise Manager
  • b. LiveUpdate Administrator
  • c. Altiris Integration Component
  • d. Database Backup and Restore
12. An organization is globally dispersed with many remote offices. It is important that content is distributed to clients in remote offices as quickly as possible.

Which mechanism could be used to facilitate a quick delivery of content to the remote offices?
  • a. Internet Information Server
  • b. Group Update Provider
  • c. Apache Tomcat Server
  • d. MS SQL Database
13. What is one of the functions of the Symantec Endpoint Protection client firewall?
  • a. modifies forwarding tables
  • b. blocks DLLs from executing for a given process
  • c. forces processes to terminate
  • d. controls which programs can access networks
14. In order to meet the minimum software requirements, Symantec Endpoint Protection Manager can only be installed on which operating systems? (Choose two.)
  • a. Sun Solaris 10
  • b. Novell Netware 6.5
  • c. Microsoft Windows XP Professional
  • d. Microsoft Windows Server 2003
  • e. Microsoft Windows NT
15. You need to create a firewall rule that allows all communications during the week, but blocks all communications on the weekend.

Which approach accomplishes this?
  • a. create two rules: an allow rule for every day above a block rule for weekends
  • b. create two rules: a block rule for Saturday and Sunday above an allow rule for every day
  • c. create two rules: an allow rule for 12am to 12pm every day above a block rule for weekdays
  • d. create two rules: an allow rule for every day above a block time for 12 am to 12am weekends
16. Which configuration file specifies the client's Symantec Endpoint Protection Manager?
  • a. sav.xml
  • b. sylink.xml
  • c. profile.dax
  • d. config.conf
17. Lifeline Supply Company replaces the hardware for a Symantec Endpoint Protection Manager (SEPM). The SEPM is reinstalled and the original database is restored. However, clients are unable to connect to the new management server.

Which action is required to re-establish connectivity?
  • a. change all clients to Push Mode
  • b. change all clients to Pull Mode
  • c. restore the administrator password
  • d. restore the original server certificate
18. Management wants to audit the network and report on infected computers.

Which report type would you generate?
  • a. Scan
  • b. Audit
  • c. Compliance
  • d. Risk
19. Which Auto-Protect types are configurable?
  • a. Application, File System, Internet Email, Lotus Notes
  • b. File System, Internet Email, Lotus Notes, Microsoft Outlook
  • c. Application, File System, Microsoft Outlook, Sendmail
  • d. File System, Internet Email, Microsoft Outlook, GroupWise
20. An administrator believes that clients may be coming under attack from systems that are spoofing IP addresses.

Which setting within the firewall policy will help with this problem?
  • a. NetBIOS protection
  • b. Stealth mode web browsing
  • c. OS fingerprint masquerading
  • d. TCP resequencing
21. A company has multiple Symantec Endpoint Protection administrators. They want to prevent one of the administrators from making any changes to the policies, yet still print reports.

How can they accomplish this?
  • a. give the person access to the report directory
  • b. give the person access to the database directory
  • c. assign the person Limited Administrator rights with Print Only
  • d. assign the person Limited Administrator rights and View Reports
22. In a firewall rule, what is the only trigger type that uses a fingerprint?
  • a. Service
  • b. Application
  • c. Host
  • d. Blank Rule
23. On an unmanaged client, which two statements are true when a program attempts to stop the Symantec Endpoint Protection client? (Choose two.)
  • a. Tamper Protection is disabled.
  • b. The tamper attempt is blocked.
  • c. The user is notified of the tamper attempt.
  • d. The administrator is notified of the tamper event.
  • e. An event is written to the Control log.
24. A company is having trouble with unwanted applications consuming network bandwidth. Which policy type restricts these applications from accessing the network?
  • a. Device Control
  • b. Antivirus
  • c. Firewall
  • d. Host Integrity
Answers: 1-c, 2-d, 3-a&c, 4-a, 5-c, 6-c, 7-c, 8-a, 9-b&e, 10-a, 11-d,12-b, 13-d, 14-c&d, 15-b, 16-b, 17-d, 18-d, 19-b, 20-d, 21-d, 22-b, 23-b&c, 24-c

Contact the Symantec Certification Team

Can't find what you're looking for? If you have questions or need further assistance, send an email to