250-604 by Broadcom Actual Free Exam Questions And Answers

Question 1

Which two functions does the SES Complete Heatmap provide to administrators? (Choose two)

A. Real-time forensic packet capture

B. Visibility into application behavior across all devices

C. Direct firewall rule editing interface

D. Identification of risky application behaviors

Discussion 0

Correct Answer: B,D Vote an answer

Question 2

What benefit does ICDm provide when managing remote endpoints?

A. Blocks updates unless the device is on-premises

B. Limits endpoint visibility outside the LAN

C. Requires VPN to update policies

D. Enables real-time policy enforcement and threat remediation

Discussion 0

Correct Answer: D Vote an answer

Question 3

Scenario:
A suspicious alert has appeared across multiple endpoints, originating from a shared file server. As part of the EDR response workflow, you need to confirm whether all devices interacted with the same suspicious file.
Which ICDm feature is best suited to identify and correlate this activity?

A. VPN Connector Logs

B. Policy Configuration Page

C. Endpoint Activity Recorder

D. Data Loss Prevention (DLP) dashboard

Discussion 0

Correct Answer: C Vote an answer

Question 4

Which SES Policy protects against port scan detections?

A. Firewall

B. Device Control

C. IPS

D. Exploit Mitigation

Discussion 0

Correct Answer: A Vote an answer

Question 5

Which report format is supported in Symantec Endpoint Security?

A. HTML

B. PDF

C. Text

D. XML

Discussion 0

Correct Answer: B Vote an answer

Question 6

Scenario:
An enterprise security team notices that several users have recently accessed resources they typically do not use. TDAD has raised alerts regarding credential misuse and suspicious lateral movement patterns.
Which two actions should the team take using SES Complete? (Choose two)

A. Uninstall and reinstall AD group policies

B. Switch the TDAD policy from monitor to active blocking mode

C. Investigate authentication paths flagged by TDAD

D. Configure additional sensors on all file servers

Discussion 0

Correct Answer: B,C Vote an answer

Question 7

How does EDR aid in investigating the lateral movement of threats across endpoints in a network?

A. By logging DNS resolution times

B. By visualizing process-level telemetry across affected endpoints

C. By showing real-time firewall activity logs

D. By integrating third-party authentication alerts

Discussion 0

Correct Answer: B Vote an answer

Question 8

Which policy feature can assist in tracking changes over time and debugging misconfigurations?

A. Content sync monitoring

B. Policy version history

C. Endpoint tagging

D. Logging level adjustment

Discussion 0

Correct Answer: B Vote an answer

Question 9

When analyzing suspicious files using EDR, how are files typically submitted for deeper inspection?

A. Using the "submit to sandbox" option from the alert or incident view

B. By emailing the file to Symantec support

C. Through the SEP Mobile App interface

D. Via the System Lockdown command

Discussion 0

Correct Answer: A Vote an answer

Question 10

Which features contribute to blocking data exfiltration in SES Complete? (Choose two)

A. Data Loss Prevention Rules

B. Script Runner

C. Network Integrity

D. Content Update Optimization

Discussion 0

Correct Answer: A,C Vote an answer

Question 11

What benefit does behavioral tuning offer in the context of App Control and reducing the endpoint attack surface?

A. It fine-tunes detection rules to reduce false positives and improve user experience.

B. It enables the creation of USB device whitelists.

C. It provides remote desktop access to endpoints during threats.

D. It ensures antivirus signatures are updated every 2 hours.

Discussion 0

Correct Answer: A Vote an answer

Question 12

How can EDR assist security administrators in distinguishing between suspicious and confirmed malicious activity?

A. By auto-deploying new agents across endpoints

B. By comparing behaviors against predefined threat intelligence baselines

C. By issuing licensing alerts for underused devices

D. By modifying user roles and access rights

Discussion 0

Correct Answer: B Vote an answer

Question 13

Which monitoring techniques are used by Threat Defense for Active Directory to identify potentially malicious behaviors in AD environments? (Choose two)

A. Observing abnormal access to administrative shares and sensitive AD objects

B. Analyzing Group Policy inheritance across domain trees

C. Tracking PowerShell command logs and matching them against whitelisted scripts

D. Monitoring failed login attempts and abnormal authentication requests

Discussion 0

Correct Answer: A,D Vote an answer

Question 14

What does SES Complete do to block Command & Control (C2) communication attempts?

A. It uses predefined detection models and network rules

B. It disables all external DNS lookups

C. It restricts browser usage policies

D. It filters out all inbound traffic

Discussion 0

Correct Answer: A Vote an answer

Question 15

How does the Endpoint Activity Recorder assist with threat investigation in EDR?

A. It replaces all log data with summarized event details

B. It blocks zero-day threats in real time

C. It provides real-time snapshots of system processes and behaviors

D. It encrypts forensic logs before transmission

Discussion 0

Correct Answer: C Vote an answer

Broadcom Symantec Endpoint Security Complete Admin R1.4 Technical Specialist - 250-604 Exam Practice Test

Contact Us

Useful Links

Latest Updated