Weekend Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

250-587 Symantec Data Loss Prevention 16.x Administration Technical Specialist Questions and Answers

Questions 4

Where should an administrator set the debug levels for an Endpoint Agent?

Options:

A.

Setting the log level within the Agent List

B.

Advanced configuration within the Agent settings

C.

Setting the log level within the Agent Overview

D.

Advanced server settings within the Endpoint server

Buy Now
Questions 5

Why would an administrator set the Similarity Threshold to zero when testing and tuning a Vector Machine Learning (VML) profile?

Options:

A.

To capture the matches to the Negative set

B.

To capture the matches to the Positive set

C.

To see the entire range of potential matches

D.

To see the false negatives only

Buy Now
Questions 6

What is the Symantec recommended order for stopping Symantec DLP services on a Windows Enforce server?

Options:

A.

Vontu Notifier, Vontu Incident Persister, Vontu Update, Vontu Manager, Vontu Monitor Controller

B.

Vontu Update, Vontu Notifier, Vontu Manager, Vontu Incident Persister, Vontu Monitor Controller

C.

Vontu Incident Persister, Vontu Update, Vontu Notifier, Vontu Monitor Controller, Vontu Manager.

D.

Vontu Monitor Controller, Vontu Incident Persister, Vontu Manager, Vontu Notifier, Vontu Update.

Buy Now
Questions 7

Which two components can perform a file system scan of a workstation? (Choose two.)

Options:

A.

Endpoint Server

B.

DLP Agent

C.

Network Prevent for Web Server

D.

Discover Server

E.

Enforce Server

Buy Now
Questions 8

A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported.

What should the administrator do to allow incidents to be generated against this file?

Options:

A.

Change the “Ignore requests Smaller Than” value to 1

B.

Add the filename to the Inspect Content Type field

C.

Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”

D.

Uncheck trial mode under the ICAP tab

Buy Now
Questions 9

Which option correctly describes the two-tier installation type for Symantec DLP?

Options:

A.

Install the Oracle database on one host, and install the Enforce server and a detection server on a second host.

B.

Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

C.

Install the Oracle database and a detection server on the same host, and install the Enforce server on a second host.

D.

Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.

Buy Now
Questions 10

A DLP administrator is preparing to install Symantec DLP and has been asked to use an Oracle database provided by the Database Administration team.

Which SQL *Plus command should the administrator utilize to determine if the database is using a supported version of Oracle?

Options:

A.

select database version from < database name > ;

B.

select * from db$version;

C.

select * from v$version;

D.

select db$ver from < database name > ;

Buy Now
Questions 11

Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

Options:

A.

Network Discover

B.

Cloud Service for Email

C.

Endpoint Prevent

D.

Network Protect

Buy Now
Questions 12

Which two Network Discover/Cloud Storage targets apply Information Centric Encryption as policy response rules?

Options:

A.

Microsoft Exchange

B.

Windows File System

C.

SQL Databases

D.

Microsoft SharePoint

E.

Network File System (NFS)

Buy Now
Questions 13

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

Options:

A.

Smart Response on the Incident Snapshot page

B.

Automated Response on an Incident List report

C.

Smart Response on an Incident List report

D.

Automated Response on the Incident Snapshot page

Buy Now
Questions 14

What should an incident responder select in the Enforce management console to remediate multiple incidents simultaneously?

Options:

A.

Smart response on the Incident page

B.

Automated Response on the Incident Snapshot page

C.

Smart response on an Incident List report

D.

Automated response on an Incident List report

Buy Now
Questions 15

How should a DLP administrator change a policy so that it retains the original file when an endpoint incident has detected a “cope to USB device” operation?

Options:

A.

Add a “Limit Incident Data Retention” response rule with “retain Original Message” option selected.

B.

Modify the agent config.db to include the file

C.

Modify the “Endpoint_Retain_Files.int” setting in the Endpoint server configuration

D.

Modify the agent configuration and select the option “retain Original Files”

Buy Now
Questions 16

Which of the following is a good use case for Structured Data Identifiers (SDIs)?

Options:

A.

Detecting the copying of healthcare data in tabular format to USB devices from endpoint computers

B.

Detecting confidential financial data contained in XLSX or CSV email attachments

C.

Detecting partial sections of merger and acquisition documents in Network Discover scans

D.

Detecting single instances of Personally Identifiable Information (PII) in Endpoint Discover scans

Buy Now
Questions 17

When configuring Network Prevent for Email, what is the role of Mail Transfer Agents (MTAs)?

Options:

A.

To secure web browsers

B.

To monitor general network traffic

C.

To capture and inspect email traffic

D.

To manage network firewalls

Buy Now
Questions 18

Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)

Options:

A.

Network Discover

B.

Endpoint Prevent

C.

Network Prevent for Email

D.

Endpoint Discover

E.

Information Centric Analytics

Buy Now
Questions 19

Which network DLP products support User Risk-Based Detection, in which Symantec DLP uses Symantec Information Centric Analytics (ICA) user risk scores in policy detection rules?

Options:

A.

Network Prevent for Email only

B.

Network Prevent for Web only

C.

Network Prevent for Email and Network Prevent for Web only

D.

Network Monitor, Network Prevent for Email, and Network Prevent for Web

Buy Now
Questions 20

Which two detection technology options ONLY run on a detection server? (Choose two.)

Options:

A.

Form Recognition

B.

Indexed Document matching (IDM)

C.

Described Content Matching (DCM)

D.

Exact data matching (EDM)

E.

vector Machine Learning (VML)

Buy Now
Questions 21

Which two (2) detection technology options run on the DLP agent? (Choose two.)

Options:

A.

Indexed Document Matching (IDM)

B.

Directory Group Matching (DGM)

C.

Described Content Matching (DCM)

D.

Optical Character Recognition (OCR)

E.

Form Recognition

Buy Now
Questions 22

Why is it important for an administrator to utilize the grid scan feature?

Options:

A.

To distribute the scan workload across multiple network discover servers

B.

To distribute the scan workload across the cloud servers

C.

To distribute the scan workload across multiple endpoint servers

D.

To distribute the scan workload across multiple detection servers

Buy Now
Questions 23

A divisional executive requests a report of all incidents generated by a particular region, summarized by department.

What does the DLP administrator need to configure to generate this report?

Options:

A.

Custom attributes

B.

Status attributes

C.

Sender attributes

D.

User attributes

Buy Now
Questions 24

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”

How should the administrator log in to the Enforce console with the “sysadmin” role?

Options:

A.

sysadmin\username

B.

sysadmin\username@domain

C.

domain\username

D.

username\sysadmin

Buy Now
Questions 25

Which detection server is available from Symantec as a hardware appliance?

Options:

A.

Network Prevent for Email

B.

Network Discover

C.

Network Monitor

D.

Network Prevent for Web

Buy Now
Questions 26

What is the correct configuration for “BoxMonitor.Channels” that will allow the server to start as a Network Monitor server?

Options:

A.

Packet Capture, Span Port

B.

Packet Capture, Network Tap

C.

Packet Capture, Copy Rule

D.

Packet capture, Network Monitor

Buy Now
Questions 27

Which two actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

Options:

A.

Allow the content to be posted

B.

Remove the content through FlexResponse

C.

Block the content before posting

D.

Encrypt the content before posting

E.

Redirect the content to an alternative destination

Buy Now
Questions 28

Which two locations can Symantec DLP scan and perform Information Centric Encryption (ICE) actions on? (Choose two.)

Options:

A.

Exchange

B.

Jiveon

C.

File store

D.

SharePoint

E.

Confluence

Buy Now
Questions 29

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

Options:

A.

The new agent configuration was saved but not applied to any endpoint groups.

B.

The new agent configuration was copied and modified from the default agent configuration.

C.

The default agent configuration must be disabled before the new configuration can take effect.

D.

The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Buy Now
Questions 30

What is the default fallback option for the Endpoint Prevent Encrypt response rule?

Options:

A.

Block

B.

User Cancel

C.

Encrypt

D.

Notify

Buy Now
Questions 31

Which two (2) actions are available for a “Network Prevent: Remove HTTP/HTTPS content” response rule when the content is unable to be removed? (Choose two.)

Options:

A.

Redirect the content to an alternative destination

B.

Block the content from being posted

C.

Encrypt the content before posting

D.

Remove the content through FlexResponse

E.

Allow the content to be posted

Buy Now
Questions 32

Which type of detector integrates with Symantec CloudSOC?

Options:

A.

Cloud Detection Service for REST

B.

Cloud Detection Service for ICAP

C.

Cloud Detection Service for SMTP

D.

Cloud Prevent detector

Buy Now
Exam Code: 250-587
Exam Name: Symantec Data Loss Prevention 16.x Administration Technical Specialist
Last Update: Jul 19, 2026
Questions: 108

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99