Symantec 250-587 Actual Free Exam Questions & Community Discussion

Exam Code/Number: 250-587
Exam Name/Title: Symantec Data Loss Prevention 16.x Administration Technical Specialist
Certification Provider: Symantec
Corresponding Certification: Symantec Certified Specialist

Exam Questions: 102
Updated On: Jun 01, 2026

Question #13

Refer to the exhibit.

What activity should occur during the baseline phase, according to the risk reduction model?

A. Define and build the incident response team

B. Test policies to ensure that blocking actions minimize business process disruptions

C. Monitor incidents and tune the policy to reduce false positives

D. Establish business metrics and begin sending reports to business unit stakeholders

Discussion 0

Correct Answer: D Vote an answer

Question #14

Which two detection technology options run on the DLP agent? (Choose two.)

A. Optical Character Recognition (OCR)

B. Described Content Matching (DCM)

C. Form Recognition

D. Indexed Document Matching (IDM)

E. Directory Group Matching (DGM)

Discussion 0

Correct Answer: C,D Vote an answer

Question #15

How should a DLP administrator exclude a custom endpoint application named "custom_app.exe" from being monitoring by Application File Access Control?

A. Add "custom_app.exe" to the "Program Exclusion List" in the agent configuration settings.

B. Add "custom_app_.exe" as a filename exception to the Endpoint Prevent policy.

C. Add "custom_app.exe" to the "Application Whitelist" on all Endpoint servers.

D. Add "custom_app.exe" Application Monitoring Configuration and de-select all its channel options.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for EduDump members. You can sign-up / login (it's free).

Question #16

A DLP administrator determines that the \SymantecDLP\Protect\Incidents folder on the Enforce server contains. BAD files dated today, while other. IDC files are flowing in and out of the \Incidents directory.
Only .IDC files larger than 1MB are turning to .BAD files.
What could be causing only incident data smaller than 1MB to persist while incidents larger than 1MB change to .BAD files?

A. The Enforce server's hard drive is out of space.

B. Tablespace is almost full.

C. A detection server has excessive filereader restarts.

D. A corrupted policy was deployed.

Discussion 0

Correct Answer: B Vote an answer

Question #17

A customer needs to integrate information from DLP incidents into external Governance, Risk and Compliance dashboards.
Which feature should a third party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

A. Incident Reporting and Update API

B. Incident Data Views

C. Export incidents using the CSV format

D. A Web incident extraction report

Discussion 0

Correct Answer: A Vote an answer

Question #18

Which of the following actions can you implement ONLY as a Smart Response rule (and not as an automates response rule)?

A. All: Set Attribute

B. Network Protect: SharePoint Release From Quarantine

C. All: Limit Incident Data Retention

D. All: Add Note

Discussion 0

Correct Answer: D Vote an answer

Download Free Symantec 250-587 Demo

Simply submit your e-mail address below to get started with our free demo of your Symantec 250-587 exam.