ST0-237 braindumps

[Newest Version] Easily Pass ST0-237 Exam with Geekcert Updated Real Symantec ST0-237 Exam Materials

There is no need to worry if you are having a difficult time preparing for the Symantec Certified Security program ST0-237 exam. Geekcert will help you pass the ST0-237 exam with the latest updated Symantec Data Loss Prevention 12 Technical Assessment PDF and VCE dumps. Geekcert has the most comprehensive Symantec exam preparation materials, covering each and every aspect of the ST0-237 Symantec Data Loss Prevention 12 Technical Assessment exam curriculum. We ensure you 100% success in the Symantec Certified Security program ST0-237 exam (Jan 14, 2022).

Geekcert provides the latest ST0-237 real exam practice questions and answers: ST0-237 certification exams, original questions and answers, success guaranteed. Geekcert ST0-237 exam dumps come in PDF and VCE, with a 100% pass guarantee. Get your ST0-237 certification easily. The Geekcert expert team is ready to help you.

Geekcert has its own expert team. They selected and published the latest ST0-237 preparation materials from the Symantec Official Exam-Center:

The following are the ST0-237 free dumps. Go through and check the validity and accuracy of our ST0-237 dumps. These questions are from ST0-237 free dumps. All questions in ST0-237 dumps are from the latest ST0-237 real exams.

Question 1:

Which interface provides single sign-on access for the purpose of administering Data Loss Prevention servers, managing policies, and remediating incidents?

A. Symantec Information Manager

B. Symantec Protection Center

C. Symantec Data Insight

D. Symantec Messaging Gateway

Correct Answer: B

Question 2:

Which action is available for use in Smart Response rules and Automated Response rules?

A. modify SMTP message

B. block email message

C. limit incident data retention

D. post log to a syslog server

Correct Answer: D

Question 3:

Which automated response action can be performed for data loss incidents caused by confidential data found on Windows shares?

A. Block Message

B. Quarantine File

C. User Cancel

D. Notify User

Correct Answer: B

Question 4:

An administrator needs to deploy a Symantec Data Loss Prevention solution that will monitor network traffic. Which traffic type is excluded from inspection when using the default configuration?

A. HTTP-get


C. FTP-put

D. HTTP-post

Correct Answer: A

Question 5:

Which incidents appear in the Network Incident List report when the Network Prevent Action filter is set to Modified?

A. incidents in which confidential content was removed from the body of an SMTP email

B. incidents in which an SMTP email was changed to include one or more SMTP headers

C. incidents in which digital rights were applied to SMTP email attachments containing confidential information

D. incidents in which confidential attachments were removed from an SMTP email

Correct Answer: B

Question 6:

Which server encrypts the message when using a Modify SMTP Message response rule?

A. Encryption Gateway

B. SMTP Prevent server

C. Network Monitor server

D. Enforce server

Correct Answer: C

Question 7:

A DLP administrator has determined that a Network Discover server is unable to scan a remote file server. Which action should the administrator take to successfully scan the remote file server?

A. restart the discover scan

B. verify that the target file server is a Windows 2008 server

C. use the fully qualified name (FQDN) of the server

D. verify that the file server has .NET services running

Correct Answer: C

Question 8:

You have encapsulated the disk for swap partitions and created mirrors under the VxVM control. Which files in /etc get modified when the root disk is encapsulated?

A. vfstab and file system

B. vfstab and rootdisk

C. mnttab and file system

D. volboot and file system

Correct Answer: A

Question 9:

An incident response team has determined that multiple incidents are resulting from the same user action of copying sensitive data to USB devices.

Which action should the incident response team take to fix this issue so only one incident per action is detected?

A. Create separate policies for the different detection methods

B. Combine multiple conditions into one compound rule

C. Change which 'Endpoint Destinations' are monitored

D. Change the monitor/ignore filters in the agent configuration

Correct Answer: B

Question 10:

Refer to the exhibit.

An administrator is testing the DLP installation by placing .EML files into the drop folder, but has been unsuccessful in generating any incidents. The administrator is checking the Advanced Server Settings page to see if it can help diagnose the issue.

What could be causing this problem?

A. BoxMonitor.IncidentWriter setting needs to be set to Test

B. BoxMonitor.FileReader needs to be set to default

C. BoxMonitor.IncidentWriterMemory is set too high

D. BoxMonitor.Channels contains an incompatible entry

Correct Answer: D

Question 11:

A company needs to disable USB devices on computers that are generating a number of recurring DLP incidents. It decides to implement Endpoint Lockdown using Endpoint Prevent, which integrates with Symantec Endpoint Protection Manager and Symantec Management Platform. After incidents are still detected from several agents, the company determines that a component is missing.

Which component needs to be added to disable the USB devices once incidents are detected?

A. Control Compliance Suite

B. Workflow Solution

C. pcAnywhere

D. Risk Automation Suite

Correct Answer: B

Question 12:

A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What must be populated to generate this report?

A. remediation attributes

B. sender correlations

C. status groups

D. custom attributes

Correct Answer: C

Question 13:

A divisional executive requests a report of all incidents generated by a particular region and summarized by department. Which incident information must be populated to generate this report?

A. remediation attributes

B. custom attributes

C. sender correlations

D. status groups

Correct Answer: B

Question 14:

What should an incident responder select to remediate multiple incidents simultaneously?

A. Smart Response on the Incident Snapshot page

B. Automated Response on an Incident List report

C. Smart Response on an Incident List report

D. Automated Response on the Incident Snapshot page

Correct Answer: C

Question 15:

An incident responder is viewing a discover incident snapshot and needs to determine which information to provide to the next level responder. Which information would be most useful in assisting the next level responder with data clean-up?

A. Incident Details: Message Body content

B. Custom Attributes: Most Active User from Data Insight

C. Incident Details: File Owner metadata

D. Access Information: File Permissions

Correct Answer: B