We ensures to provide the most update 250-438 pdf with the most accurate answers. We Symantec Other Certification 250-438 actual tests are the most complete and authoritative 250-438 vce with which one can pass the Symantec Other Certification 250-438 exam in an easy way. Preparing for Symantec Other Certification 250-438 Administration of Symantec Data Loss Prevention 15 exam is really a tough task to accomplish. But We will simplified the process.
How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “copy to USB device” operation?
A. Add a “Limit Incident Data Retention” response rule with “Retain Original Message” option selected.
B. Modify the agent config.db to include the file
C. Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration
D. Modify the agent configuration and select the option “Retain Original Files”
Correct Answer: A
Under the “System Overview” in the Enforce management console, the status of a Network Monitor detection server is shown as “Running Selected.” The Network Monitor server\’s event logs indicate that the packet capture and filereader processes are crashing.
What is a possible cause for the Network Monitor server being in this state?
A. There is insufficient disk space on the Network Monitor server.
B. The Network Monitor server\’s certificate is corrupt or missing.
C. The Network Monitor server\’s license file has expired.
D. The Enforce and Network Monitor servers are running different versions of DLP.
Correct Answer: D
Which two Infrastructure-as-a-Service providers are supported for hosting Cloud Prevent for Office 365? (Choose two.)
Which two detection technology options run on the DLP agent? (Choose two.)
A. Optical Character Recognition (OCR)
B. Described Content Matching (DCM)
C. Directory Group Matching (DGM)
D. Form Recognition
E. Indexed Document Matching (IDM)
Correct Answer: BE
A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked. What is the first action an administrator should take to enable data transfers to the approved endpoint devices?
A. Disable and re-enable the Endpoint Prevent policy to activate the changes
B. Double-check that the correct device ID or class has been entered for each device
C. Verify Application File Access Control (AFAC) is configured to monitor the specific application
D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”
Correct Answer: D
A DLP administrator needs to stop the PacketCapture process on a detection server. Upon inspection of the Server Detail page, the administrator discovers that all processes are missing from the display. What are the processes missing from the Server Detail page display?
A. The Display Process Control setting on the Advanced Settings page is disabled.
B. The Advanced Process Control setting on the System Settings page is deselected.
C. The detection server Display Control Process option is disabled on the Server Detail page.
D. The detection server PacketCapture process is displayed on the Server Overview page.