250-428 Exam Information and Guideline
Administration of Symantec Endpoint Protection 14
Below is the complete topic list, with the latest syllabus and course outline, to give you a good understanding of the exam objectives and topics you have to prepare. These topics are covered in the exam's question-and-answer pool.
Exam ID : 250-428
Exam Title : Administration of Symantec Endpoint Protection 14
Questions: 65 - 75
Exam Duration: 90 minutes
Passing Score: 70%
Languages: English
The Symantec Endpoint Protection 14: Plan and Implement course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with planning and implementing a Symantec Endpoint Protection environment. This course covers how to architect and size a Symantec Endpoint Protection environment, install or upgrade the Symantec Endpoint Protection Manager (SEPM), benefit from a SEPM disaster recovery plan, and manage replication and failover. The class also covers how to deploy new endpoints and upgrade existing Windows, Mac, and Linux endpoints.
Course Objectives
By the completion of this course, you will be able to:
• Architect a Symantec Endpoint Protection Environment
• Prepare and deliver a successful Symantec Endpoint Installation
• Build a Disaster Recovery plan to ensure successful SEPM backups and restores
• Manage failover and replication
• Deploy endpoint clients
Introduction
• Course environment
• Lab environment
Preparing and Delivering a Successful Symantec Endpoint Protection Implementation
• Architecting and Sizing the Symantec Endpoint Protection Environment
• Installing the SEPM
• Benefiting from a SEPM Disaster Recovery Plan
• Managing Replication and Failover
Discovering Endpoint Client Implementation and Strategies
• Implementing the Best Method to Deploy Windows, Mac, and Linux Endpoints
• Migrating a SEP 12.1.6 client to SEP 14
Symantec Endpoint Protection 14.x: Configure and Protect
The Symantec Endpoint Protection 14.x: Configure and Protect course is designed for the network, IT security, and systems administration professionals in a Security Operations position who are tasked with configuring optimum security settings for endpoints protected by Symantec Endpoint Protection 14. This class brings context and examples of attacks and tools used by cybercriminals.
Introduction
• Course environment
• Lab environment
Securing Endpoints against Network-Based Attacks
Introducing Network Threats
Describing how Symantec Endpoint Protection protects each layer of the network stack
Discovering the tools and methods used by attackers
Describing the stages of an attack
Protecting against Network Attacks and Enforcing Corporate Policies using the Firewall Policy
Preventing network attacks
Examining Firewall Policy elements
Evaluating built-in rules
Creating custom firewall rules
Enforcing corporate security policy with firewall rules
Blocking network attacks using protection and stealth settings
Configuring advanced firewall features
Blocking Threats with Intrusion Prevention
Introducing Intrusion Prevention technologies
Configuring the Intrusion Prevention policy
Managing custom signatures
Monitoring Intrusion Prevention events
Introducing File-Based Threats
Describing threat types
Discovering how attackers disguise their malicious applications
Describing threat vectors
Describing Advanced Persistent Threats and a typical attack scenario
Following security best practices to reduce risks
Preventing Attacks with SEP Layered Security
Virus and Spyware protection needs and solutions
Describing how Symantec Endpoint Protection protects each layer of the network stack
Examining file reputation scoring
Describing how SEP protects against zero-day threats and threats downloaded through files and email
Describing how endpoints are protected with the Intelligent Threat Cloud Service
Describing how the emulator executes a file in a sandbox and the machine learning engine's role and function
Securing Windows Clients
Platform and Virus and Spyware Protection policy overview
Tailoring scans to meet an environment's needs
Ensuring real-time protection for clients
Detecting and remediating risks in downloaded files
Identifying zero-day and unknown threats
Preventing email from downloading malware
Configuring advanced options
Monitoring virus and spyware activity
Securing Mac Clients
Touring the SEP for Mac client
Securing Mac clients
Monitoring Mac clients
Securing Linux Clients
Navigating the Linux client
Tailoring Virus and Spyware settings for Linux clients
Monitoring Linux clients
Controlling Endpoint Integrity and Compliance
Providing Granular Control with Host Integrity
Ensuring client compliance with Host Integrity
Configuring Host Integrity
Troubleshooting Host Integrity
Monitoring Host Integrity
Controlling Application and File Access
Describing Application Control and concepts
Creating application rulesets to restrict how applications run
Monitoring Application Control events
Restricting Device Access for Windows and Mac Clients
Describing Device Control features and concepts for Windows and Mac clients
Enforcing access to hardware using Device Control
Discovering hardware access policy violations with reports, logs, and notifications
Hardening Clients with System Lockdown
What is System Lockdown?
Determining to use System Lockdown in Whitelist or Blacklist mode
Creating whitelists for blacklists
Protecting clients by testing and implementing System Lockdown
Enforcing Adaptive Security Posture
Customizing Policies based on Location
Creating locations to ensure the appropriate level of security when logging on remotely
Determining the criteria and order of assessment before assigning policies
Assigning policies to locations
Monitoring locations on the SEPM and SEP client
Managing Security Exceptions
Creating file and folder exceptions for different scan types
Describing the automatic exclusion created during installation
Managing Windows and Mac exclusions
Monitoring security exceptions
Symantec Endpoint Protection 14.x: Manage and Administer
The Symantec Endpoint Protection 14.x: Manage and Administer course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with the day-to-day operation of the SEPM management console. The class covers configuring server-client communication, domains, groups, and locations, and Active Directory integration. You also learn how Symantec Endpoint Protection uses LiveUpdate servers and Group Update Providers to deliver content to clients. In addition, you learn how to respond to incidents using monitoring and reporting.
Course Objectives
By the completion of this course, you will be able to:
• Describe how the Symantec Endpoint Protection Manager (SEPM) communicates with clients and make appropriate changes as necessary.
• Design and create Symantec Endpoint Protection group structures to meet the needs of your organization.
• Respond to threats using SEPM monitoring and reporting.
• Analyze the content delivery system (LiveUpdate).
• Reduce bandwidth consumption using the best method to deliver content updates to clients.
• Configure Group Update Providers.
• Create location aware content updates.
• Use Rapid Release definitions to remediate a virus outbreak.
Monitoring and Managing Endpoints
Managing Console Access and Delegating Responsibility
• Creating administrator accounts
• Managing administrators and delegating responsibility
Managing Client-to-SEPM Communication
• Analyzing client-to-SEPM communication
• Restoring communication between clients and SEPM
• Verifying clients are online with the SEPM
Managing the Client Architecture and Active Directory Integration
• Describing the interaction between sites, domains, and groups
• Managing groups, locations, and policy inheritance
• Assigning policies to multiple locations
• Importing Active Directory Organizational Units
• Controlling access to client user interface settings
Managing Clients and Responding to Threats
• Identifying and verifying the protection status for all computers
• Monitoring for health status and anomalies
• Responding to incidents
Monitoring the Environment and Responding to Threats
• Monitoring critical log data
• Identifying new incidents
• Responding to incidents
• Proactively responding to incidents
Creating Incident and Health Reports
• Reporting on your environment's security status
• Reporting on the health of your environment
Enforcing Content Updates on Endpoints using the Best Method
Introducing Content Updates using LiveUpdate
Describing the LiveUpdate ecosystem
Configuring LiveUpdate sources
Troubleshooting LiveUpdate
Examining the need for an internal LiveUpdate Administration server
Describing the high-level steps to configure an internal LiveUpdate server
Analyzing the SEPM Content Delivery System
Describing content updates
Configuring LiveUpdate on the SEPM and clients
Monitoring a LiveUpdate session
Managing content on the SEPM
Monitoring content distribution for clients
Managing Group Update Providers
Identifying the advantages of using group update providers
Adding group update providers
Adding multiple and explicit group update providers
Identifying and monitoring group update providers
Examining group update provider health and status
Configuring Location Aware Content Updates
Examining location awareness
Configuring location aware content updates
Monitoring location aware content updates
Managing Certified and Rapid Release Definitions
Managing Certified SEPM definitions from Symantec Security Response
Managing Certified Windows client definitions from Symantec Security Response
Managing Rapid Release definitions from Symantec Security Response
Managing Certified and Rapid Release definitions from Symantec Security Response for Mac and Linux clients
Using static definitions in scripts to download content