Symantec 250-580 Actual Free Exam Questions & Community Discussion

Exam Code/Number: 250-580
Exam Name/Title: Endpoint Security Complete - Administration R2
Certification Provider: Symantec
Corresponding Certification: Endpoint Security

Exam Questions: 152
Updated On: Jun 01, 2026

Question #67

What is an appropriate use of a file fingerprint list?

A. Allow files to bypass Intrusion Prevention detection

B. Prevent Antivirus from scanning a file

C. Prevent programs from running

D. Allow unknown files to be downloaded with Insight

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #68

Which protection technology can detect botnet command and control traffic generated on the Symantec Endpoint Protection client machine?

A. Insight

B. Risk Tracer

C. SONAR

D. Intrusion Prevention

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #69

An organization identifies a threat in its environment and needs to limit the spread of the threat. How should the SEP Administrator block the threat using Application and Device Control?

A. Gather the process name of the file and create an Application Content Rule that blocks the file based on the device ID type.

B. Gather the MD5 hash of the file and create an Application Content Rule that uses regular expression matching.

C. Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on specific arguments.

D. Gather the MD5 hash of the file and create an Application Content Rule that blocks the file based on the file fingerprint.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #70

What must be entered before downloading a file from ICDm?

A. Date

B. Name

C. Password

D. Hash

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #71

What account type must the AD Gateway Service Account be assigned to the AD Gateway device for AD Synchronization to function correctly?

A. Local Administrator

B. Domain Administrator

C. Domain User

D. Local Standard

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #72

Why is it important for an Incident Responder to review Related Incidents and Events when analyzing an incident for an After Actions Report?

A. It ensures that the Incident is resolved, and the responder is able to close the incident in the SEDR manager.

B. It ensures that the Incident is resolved, and future threats are automatically remediated.

C. It ensures that the Incident is resolved, and the threat does not continue to spread to other parts of the environment.

D. It ensures that the Incident is resolved, and the responder can determine the best remediation method.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #73

How does an administrator view all devices impacted by a suspicious file?

A. From the Alerts and Event list, select Device.

B. From the Discovered Items list, select Devices.

C. From the Discovered Items list, select the file; then, from the Details page, select Devices.

D. From the Alerts and Events list, select Files; then, from the file list, select Devices.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #74

An organization is considering a single site for their Symantec Endpoint Protection environment. What are two (2) reasons that the organization should consider? (Select two)

A. E.Legal constraints

B. Delay-free, centralized reporting

C. Organizational merger

D. 24x7 admin availability

E. Sufficient WAN bandwidth

Discussion 0

Correct Answer: B,E Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #75

What happens when a device fails a Host Integrity check?

A. An administrative notification is logged

B. The device is restarted

C. An antimalware scan is initiated

D. The device is quarantined

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #76

An Incident Responder has determined that an endpoint is compromised by a malicious threat. What SEDR feature would be utilized first to contain the threat?

A. Endpoint Activity Recorder

B. Isolation

C. File Deletion

D. Incident Manager

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #77

A Symantec Endpoint Protection (SEP) administrator receives multiple reports that machines are experiencing performance issues. The administrator discovers that the reports happen at about the same time as the scheduled LiveUpdate.
Which setting should the SEP administrator configure to minimize I/O when LiveUpdate occurs?

A. Disable Run an Active Scan when new definitions arrive

B. Change the Administrator-defined scan schedule

C. Change the LiveUpdate schedule

D. Disable Allow user-defined scans to run when the scan author is logged off

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Download Free Symantec 250-580 Demo

Simply submit your e-mail address below to get started with our free demo of your Symantec 250-580 exam.