
TestKing 250-503


TestKing Symantec 250-503 Exam Questions & Answers

Security Management Solutions

Exam number/code: 250-503
Exam name: Security Management Solutions
Questions & Answers: 126 Q&A
Related Certifications: SCTA, SCSE, SCSP

Hundreds of people each day pass their IT certification exams with Testking
guaranteed certification resources and training kits.

Use the Symantec 250-503 questions and answers to practice for your next Symantec
certification exam. If you don't pass – you don't pay! Testking has the first and only 100%
product satisfaction and exam passing guarantee. Advanced practice questions and
answers help drive the information into your routine thinking and surpass 250-503 brain
dumps in retention and skill building.

Symantec 250-503 exam answers and practice questions can be used at home or office,
installable on up to two PCs, or print the questions and answers to take with you and train
on-the-go! Symantec 250-503 preparation tools are the perfect fit for any Symantec
certification candidate with 250-503 training materials for every level of entry.

Exam Engine Features
Control your IT training process by customizing your practice certification questions and
answers. The fastest and best way to train.

   *   Truly interactive practice tests
   *   Create and take notes on any question
   *   Retake tests until you're satisfied
   *   YOU select the areas of the exam to cover
   *   Filter questions for a new practice test experience each time
   *   Re-visit difficult questions

  Exam: 250-503 Certification Questions & Answers

Question 1:

Which feature is a benefit of Symantec Enterprise Security Manager (Symantec ESM)?

A. real-time correlation
B. policy conflict resolution
C. remote network assessment
D. customized system grouping

Answer: D

Page 14 Symantec Enterprise Security Manager Installation Guide Version 6.0

For optimum functioning of the Symantec ESM program, assign computers that must comply
with the same company security policy to the same domain. In addition, whenever possible,
assign computers to domains within security administrator areas of responsibility. Symantec
ESM lets you assign agents running on different platforms to the same domain.

Question 2:

What are two benefits to network-based Symantec Vulnerability Assessment Scans?
(Choose two)

A. Performs throttled scans
B. Scans using privileged access
C. Distributed scans rolled up to a central console
D. Audits resources that you are not allowed to install a SESA Agent on

Answer: C,D

Page 14 Introduction to Symantec Vulnerability Assessment Student Guide August 19,

Network-based audits
Network-based audits use a single network-based scanner to evaluate other computers on
the network. They are not as thorough as host-based audits because they cannot audit the
components installed in the system. The network-based scanner probes your network using
both ordinary information gathering tools and specialized system-cracking tools. These tools
can probe many different platforms, including UNIX, Linux, Windows and NetWare.
Network audits provide you with the following benefits:
* Get immediate vulnerability information without having to install SESA Agents on each computer
* Discover unknown computers and resources on your network
* Audit computers and resources that cannot install SESA Agents
* Can identify intermittent resources such as laptops

Page 7 Symantec Vulnerability Assessment Implementation Guide Version 1.0

Symantec Vulnerability Assessment performs non-privileged network-based assessment.
The resulting network-based vulnerability information can help you secure network
resources that cannot install SESA Agents.

Page 148 Symantec Security Management Solutions Student Guide March 16, 2004

In addition to host-based assessments, Symantec Vulnerability Assessment has a limited
capacity to do network-based scans. You can use network-based audits to:
* Locate or inventory systems on your network
* Identify services running on located systems
* Identify vulnerabilities of services on systems
* Roll-up distributed scan results into a central console
* Map the vulnerability to the Symantec Vulnerability Database

Question 3:

Which two are groupings of security checks in Symantec Enterprise Security Manager
(Symantec ESM)? (Choose two)

A. File systems and directories
B. Process blocking and integrity
C. User accounts and authorization
D. System and domain administration

Answer: A,C

Page 22 Symantec Enterprise Security Manager User's Guide Version 6.0

Networked computers are vulnerable to unauthorized access, tampering, and denial of
service attacks in three critical areas. Security modules evaluate each of the critical
vulnerability areas. Modules have checks that assess the control settings of the operating
system in a systematic way.
Each check assesses one area of potential vulnerabilities.
* User accounts and authorization
* Network and server settings
* File systems and directories

Question 4:

Which component of the Symantec Enterprise Security Architecture (SESA) forwards data
generated by security products to the Symantec Security Management System?

A. Agent
B. Provider
C. Manager
D. Collector
E. DataStore

Answer: A

Page 34 Symantec Security Management Solutions Student Guide March 16, 2004

A provider is a Symantec add-on program that extends the functionality of the SESA Agent.

The collector is a software tool that gathers information from third-party security products
and passes it to a SESA Agent.

Page 24 Symantec Security Management Solutions Student Guide March 16, 2004

The Symantec Enterprise Security Architecture (SESA) Agent is a Java application that you
run at each managed endpoint of your enterprise. The Agent connects all Symantec
Enterprise Security (SES) products to the SESA Manager. You could have hundreds or
thousands of Agents deployed in your organization.

You use a SESA Manager for multiple security applications at the same time. It provides
centralized collection of, and access to, event data and associated logs and reports. You
also use it to manage and access policy data. The SESA Manager is a Web application
server running a servlet engine and related Symantec middleware. You may need only a few
SESA Managers, from a handful to a few dozen, depending on the size of your organization.

The SESA DataStore is a relational database that stores all event data received from
various security products and any alerts generated through alert configurations. The SESA
Agents that are coresident with security products extract events from the security products
and forward them to the SESA Manager. The SESA Manager then stores the event data in
the DataStore. The SESA DataStore is currently implemented using IBM DB2.

Page 25 Symantec Incident Manager 3.0 Lab guide August 22, 2003

SESA Agents collect events from security products and send the events to the SESA
Manager. The SESA Manager sends the events to the Correlation Manager, which uses a
sophisticated set of rules to filter, aggregate, and correlate the events into security incidents.
The Correlation Manager sends the incidents to Symantec Incident Manager for evaluation,
tracking, and response.

Question 5:

Which vulnerability assessment technology is more likely to produce false positives?

A. Privileged
B. Host-based
C. Port scanning
D. Network-based

Answer: D

Page 6 Symantec Vulnerability Assessment Implementation Guide Version 1.0

Host-based assessments:
* Greatly reduce the number of false positive and false negative reports when compared with network-based assessments
* Avoid the operating problems that occur during network scans
* Provide superior scalability and performance over network-based products
* Increase security because host-based assessments do not require the storage of administrative privileges

Question 6:

Which product should you use to identify and correlate security events in near real-time?

A. Symantec HostDS
B. Symantec Incident Manager
C. Symantec Vulnerability Assessment
D. Symantec Enterprise Security Manager (Symantec ESM)

Answer: B

Page 25 Symantec Incident Manager 3.0 Lab guide August 22, 2003

Symantec Incident Manager includes the following components:
* Correlation Manager
* Incident Manager
The Correlation Manager component performs automated real-time correlation,
aggregation, and filtering of security events to create security incidents.

The Incident Manager component dynamically prioritizes incidents and provides incident
management and research capabilities.

Question 7:

Which two are trusted authorities that Symantec Enterprise Security Manager (Symantec
ESM) bases its Best Practice Policies on? (Choose two)


Answer: A,C

Page 102 Symantec Enterprise Security Manager User's Guide Version 6

High-level policies incorporate checks for additional best practices that are prescribed by the
ISO 17799 standard and recommended for specific application and OS platform
combinations by trusted information security experts. ISO-based best practice policies
assess compliance with common best practices as described in the ISO/IEC 17799
international standard, "Information technology - Code of practice for information security
management," and defined by trusted security experts and clearing houses.

Note: Symantec ESM best practice policies are
based on sections of the ISO 17799 standard that address logical access controls and other
security issues pertaining to electronic information systems. You should review the ISO
17799 standard in its entirety to identify all issues that you need to address in your
organization's information policy.

Other standards and regulations
The information in this guide also applies to Symantec ESM best practice policies to assess
compliance with the following standards and regulations:
* Health Insurance Portability and Accountability Act (HIPAA)
* Center for Internet Security (CIS) Benchmarks
* SANS Top Twenty

Question 8:

Which application can be configured to send an alert when it receives a Symantec Incident
Manager incident reassignment event message?

A. Symantec Incident Manager
B. Symantec Vulnerability Assessment
C. Symantec Enterprise Security Architecture (SESA)
D. Symantec Enterprise Security Manager (Symantec ESM)

Answer: C

Page 204 Symantec Security Management Solutions Student Guide March 16, 2004

Incident reassignment event
Symantec Incident Manager automatically sends an event message to SESA when an
incident is reassigned. You can configure the SESA alerting service to send an alert to
inform management when an incident is reassigned.

Question 9:

What is one benefit of using Symantec Enterprise Security Manager (Symantec ESM)?

A. Holistic risk mitigation
B. Holistic security event manager
C. Automated and scheduled network assessments
D. Automated security policy compliance management

Answer: D

Page 26 Symantec Enterprise Security Manager 6.0 Administration with Advanced Topics
Student Guide January 16, 2004

Symantec ESM can then provide an automated reporting mechanism that will help you
identify trends, measure the effectiveness of risk reduction, and measure compliance to your
security policy.

Question 10:

Which web service is used by the Symantec Security Management System (SSMS)?

A. SunOne Web Server
B. IBM HTTP Web Server
C. Linux Apache Web Server
D. Microsoft Internet Information Server

Answer: B

Page 70 Symantec Enterprise Security Architecture Implementation Guide SESA 2.0

Web Server (Windows only) - The user name and password for a Windows 2000 account.
These are required to install the IBM HTTP Server. If the account does not exist, it is
created. This Windows 2000 account must use a password. You can use up to 32
characters in the user name or password, including embedded blank spaces. Do not use
characters from a double-byte character set (DBCS) in the password. To manage password
changes, set up a unique account. The Windows 2000 account user name is case-sensitive
when it is used to log on to the IBM HTTP Server. As a best practice, use a local account
other than the local Administrator account.

Question 11:

Which Symantec Enterprise Security Architecture (SESA) component should you install the
SVA Provider on?

A. Agent
B. Console
C. Manager
D. DataStore

Answer: A

Page 30 Symantec Vulnerability Assessment Implementation Guide Version 1.0

The Symantec Vulnerability Assessment (SVA) Provider is an add-on program that extends
the functionality of the SESA Agent. Installing the SVA Provider on a SESA Agent computer
lets the SESA Agent perform host-based audits.

Question 12:

Which Symantec Enterprise Security Manager (Symantec ESM) report provides only
summary information about the enterprise's conformity to each security module?

A. Policy
B. Domain
C. Security
D. Executive

Answer: D

Page 147 Symantec Enterprise Security Manager User's Guide Version 6

The Executive report lists the selected object's conformity to each security module. You can
create an executive report from specific nodes in the enterprise tree. The nodes are the My
ESM Enterprise node, the All Managers node and any node that is subordinate to the All
Managers node.

Question 13:

How does Symantec Enterprise Security Manager (Symantec ESM) check password

A. word lists
B. templates
C. name lists
D. dictionary txt file

Answer: A

Page 188 Symantec Enterprise Security Manager 6.0 Administration with Advanced Topics
Student Guide

The password strength module depends on word files to identify easily guessed passwords.
Each word file is a listing of common names within a certain category. ESM's default word
files include: Computer English First and Last Names Large English Synopsis Internet Worm
Yiddish Password Cracking

Question 14:

A mission critical application must use the Windows 2000 guest account for management
functions. Your organization's security policy states that the guest account should not be
used for any reason.
Which option should you use to temporarily prevent Symantec Enterprise Security Manager
(Symantec ESM) from reporting the guest account as an exception while the application is
reengineered to use another Windows 2000 user account?

A. Rules
B. Filters
C. Exclusions
D. Suppressions

Answer: D

Page 26 Symantec Enterprise Security Manager User's Guide Version 6

Some Symantec ESM messages may report known policy exceptions that are allowed by
your organization's security policy. You can temporarily or permanently suppress these
messages instead of adjusting the policy and possibly excluding important areas of the
computer from a check. Suppressions do not correct security problems. They only prevent
the problems from appearing in future security reports.

Question 15:

Which two phases of the SANS incident handling lifecycle are managed with Symantec
Incident Manager? (Choose two)

A. Identify
B. Secure
C. Initialize
D. Eradicate

Answer: A,D

Page 308 SESA with Incident Manager Self-study Guide April 1, 2003

The Incident Response Cycle
Each recommended action belongs to one of the following phases of the Incident Response
Cycle:
* Prepare: Actions that reduce the exposure to security threats (for example defining security policies).
* Identify: Actions that verify that an incident has occurred and determine its nature and scope.
* Contain: Actions that limit the impact of the threat (for example, closing ports or changing passwords).
* Eradicate: Actions that eliminate the cause of the problem or fix the problem (for example, repairing an infected file or applying a permanent fix or patch).
* Recover: Actions that bring compromised systems back into service (such actions may include restoring data from backup or re-installing the operating system).
* Follow up: Actions to perform after the incident is resolved, such as generating reports, estimating the cost of the incident, and writing recommendations. The main purpose of the follow-up phase is to prevent future incidents or reduce the impact of and improve responses to future incidents.
