
Exam Title: Symantec 250-501 : Intrusion Protection Solutions

Version: R6.1

www.Prepking.com

Prepking - King of Computer Certification Important Information, Please Read Carefully


Other Prepking products
A) Offline Testing engine: use the offline Testing engine product to practice the questions in an exam environment.
B) Study Guide (not available for all exams): build a foundation of knowledge which will also be useful after passing the exam.

Latest Version
We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version:
1. Go to www.Prepking.com
2. Click on Member zone/Log in (right side)
3. Then click My Account
4. The latest versions of all purchased products are downloadable from here. Just click the links.
For most updates, it is enough to print just the new questions at the end of the new version, not the whole document.

Feedback
If you spot a possible improvement then please let us know. We are always interested in improving product quality. Feedback should be sent to feedback@Prepking.com. You should include the following: exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly.

Copyright
Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws.

Explanations
This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com.


1. What is a characteristic unique to a host-based intrusion protection solution?
A. service specific
B. protocol specific
C. topology specific
D. operating system specific
Answer: D

2. Which three types of network traffic should be considered suspicious by a deception-based intrusion system running on your corporate Intranet? (Choose three.)
A. FTP connection
B. broadcast traffic
C. HTTP get request
D. SSL logon attempt
Answer: ACD

3. Which three organizations actively monitor the release of patches and upgrades from vendors? (Choose three.)
A. CERT
B. Microsoft
C. Symantec
D. Security Focus
E. Sun Microsystems
Answer: ACD

4. Which two technologies act as intrusion protection sensors? (Choose two.)
A. routers
B. host agents
C. deception hosts
D. managed switches
Answer: BC

5. Which type of attacks are anomaly-based intrusion detection systems primarily designed to detect?
A. novel
B. known
C. host-based
D. network-based
Answer: A

6. To which mode must you set the network interface on a network intrusion detection sensor to collect all packets?
A. report
B. receive
C. transfer
D. promiscuous
Answer: D

7. Which two states are monitored by statistical anomaly filters to detect changes in network activity? (Choose two.)
A. protocol traffic rates
B. changes in file sizes
C. user account misuse
D. users' activity over the network
Answer: AD

8. What is a possible risk of operating a decoy-based intrusion detection system on your network?
A. Attackers could use the decoy to compromise another system, making you liable.
B. Attackers learn how to circumvent your perimeter defense through the decoy.
C. The decoy reduces network performance by generating broadcast traffic on the network.
D. The decoy may give away information about your network and other legitimate systems.
Answer: A

9. Which type of device is associated with passive intrusion detection strategies?
A. firewall
B. packet filter
C. network sniffer
D. management console
Answer: C

10. Which activity compromises the integrity of forensic data collected during an incident response investigation of HostA?
A. modification of firewall settings to collect additional forensic data
B. modification of the system files on HostA to block further intrusions
C. modification of the network intrusion detection system's signature files
D. modification of the intrusion policy at HostA's IPS sensor to block further intrusions
Answer: B

11. Which two conditions affect the performance of network-based intrusion detection systems? (Choose two.)
A. local area network traffic congestion
B. resource utilization on sensor nodes
C. presence of a host-based intrusion detection system
D. concurrent support for intrusion detection across multiple platforms
Answer: AB

12. Which Symantec Security Management System view displays Symantec Host IDS events?
A. Symantec Host IDS Events folder, Intrusion Detection Events view
B. Symantec Host IDS Events folder, Intrusion Detection Attack view
C. Intrusion Detection Family folder, Symantec Host IDS Events view
D. Intrusion Detection Reports folder, Symantec Host IDS Attack view
Answer: C

13. Which two methods might you use to create custom policies? (Choose two.)
A. build from scratch
B. use the policy template
C. import system registry settings
D. export and modify a stock policy
Answer: AD

14. Which service facilitates the automatic update of Symantec Host IDS stock policies?
A. Symantec LiveUpdate
B. Symantec PolicyEditor
C. Symantec PolicyUpdate
D. Symantec Host IDSUpdate
Answer: A

15. Which statement is true regarding Symantec Host IDS policy behavior?
A. Policies are collected from Symantec Host IDS Agent computers.
B. Policies are distributed to all Symantec Host IDS Agent computers.
C. Policies are based on application settings on all computers running Symantec Host IDS.
D. Policies are monitored on all computers running Symantec Host IDS Manager services.
Answer: B

16. Where are Symantec Host IDS events recorded?
A. the DataStore
B. the Directory
C. the Local Agent log
D. the Symantec Host IDS Manager
Answer: A

17. Click the Exhibit button. What is the minimum number of Symantec Security Management System Console computers required to monitor the Boston office locally, while managing the entire Symantec Host IDS deployment from New York?
A. 1
B. 2
C. 4
D. 15
Answer: B

18. Which solution provides a robust management and reporting framework for Symantec Host IDS?
A. Symantec Security Management System
B. Symantec Host IDS Manager and Agent Tools
C. Symantec Intrusion Protection Enterprise Manager
D. Symantec Enterprise Security Management Console
Answer: A

19. Which service is required to deploy a Symantec Enterprise Security Architecture Manager?
A. IBM HTTP Server
B. iPlanet Web Server
C. Netscape Web Server
D. Internet Information Server
Answer: A

20. Which two types of policies are supported by Symantec Host IDS? (Choose two.)
A. stock
B. update
C. custom
D. best practice
Answer: AC

21. Which two logs does the Symantec Host IDS Agent service monitor on a UNIX system? (Choose two.)
A. C2
B. Kernel
C. Service
D. Process Accounting
Answer: AD

22. Which two logs does the Symantec Host IDS Agent service monitor on a UNIX system? (Choose two.)
A. Wtmp
B. Netset
C. Syslog
D. Security
Answer: AC

23. Click the Exhibit button. IT personnel discover a large amount of non-sanctioned file activity on the corporate network. They trace the activity to a wireless access point. The file transfers are of a confidential nature from an internal web server. The server is not properly "patched" and the attackers have exploited a web server deficiency. What are two reasons why this security event is a good example of how the company's current security strategy would benefit from the addition of host-based intrusion protection? (Choose two.)
A. The wireless access points are on a trusted network.
B. Systems that are not "patched" cannot be protected from intrusion.
C. Perimeter security such as a firewall cannot protect against internal attacks.
D. Corporate networks that are connected to the Internet are always vulnerable to web server attacks.
Answer: AC

24. How do you reconfigure Symantec Host IDS to respond to new events?
A. delete the filters for the new events
B. customize the policies to detect the new events
C. install the custom event monitor for these new events
D. configure the agent service to listen to the new events
Answer: B

25. Which communications method does the Symantec Enterprise Security Architecture Console use to communicate with the Symantec Enterprise Security Architecture Manager?
A. JDBC
B. ODBC
C. LDAPS
D. HTTPS
Answer: D

26. What is a Symantec Host IDS collector?
A. a database that collects intrusion data
B. a process that extracts information from an agent system
C. a service that monitors network intrusion collection devices
D. a daemon that forwards intrusion events to security collection devices
Answer: B

27. What is a Symantec Host IDS collector?
A. a file that stores intrusion data
B. a service that monitors network port addresses
C. a process that extracts information from a computer
D. a daemon that forwards intrusion events to security personnel
Answer: C

28. Which additional Symantec product must you install before Symantec Host IDS?
A. Symantec Incident Manager
B. Symantec System Center Console
C. Symantec Enterprise Security Manager
D. Symantec Security Management System
Answer: D

29. Which two configuration strategies help secure the Symantec Host IDS data? (Choose two.)
A. configure the Manager TCP/IP settings to prohibit HTTPS access to the manager computer
B. install Symantec Host IDS on the Symantec Enterprise Security Architecture DataStore computer
C. configure the firewall to prohibit HTTP access to the manager computer from outside the corporate network
D. install the Symantec Security Management System Console on the Symantec Enterprise Security Architecture Manager
Answer: BC

30. Which Symantec solution provides Symantec Host IDS with a centralized management and reporting interface?
A. Symantec System Center
B. Symantec Enterprise Security Manager
C. Symantec Security Management System
D. Symantec Deepsight Threat Management System
Answer: C

31. The IT group determines that the laptop of a remote worker in Miami has become infected with a new worm virus. The infected laptop has created network saturation, making the network in Miami unusable while it is online. The source of the virus is unknown. The IT group wants to provide early detection of network saturation caused by possible virus activity. Which Symantec intrusion protection solution should be deployed to meet this objective?
A. Symantec ManHunt
B. Symantec AntiVirus
C. Symantec Host IDS
D. Symantec Decoy Server
Answer: A

32. Click the Exhibit button. LifeLine Supply Company (LLSC) deploys Symantec ManHunt as part of their intrusion protection solution. They monitor all network switches with Symantec ManHunt and have a console at the corporate headquarters in New York. How many ManHunt nodes do they require to support this solution if a monitoring group is required in each location?
A. 1
B. 4
C. 6
D. 31
Answer: C

33. Which two Symantec Intrusion Protection Solutions can you configure to report intrusion events to the Symantec Security Management System? (Choose two.)
A. Symantec ManHunt
B. Symantec Host IDS
C. Symantec Vulnerability Assessment
D. Symantec Enterprise Security Manager
Answer: AB

34. Click the Exhibit button. LifeLine Supply Company (LLSC) deploys Symantec ManHunt as part of their intrusion protection solution. They monitor all network switches with Symantec ManHunt and have a console at the corporate headquarters in New York. How many Symantec ManHunt nodes do they require to support this solution?


100% Pass Guaranteed or Full Refund. Word-for-word real exam questions from the real test.
Buy the full version of the exam from this link: http://www.prepking.com/250-501.htm
