Symantec Messaging Gateway 10.0. Technical Assessment · PDF fileSymantec Messaging Gateway 10.0 is certified for non-virtual deployment on which hardware devices? A. Symantec 2950

Symantec Messaging Gateway 10.0. Technical Assessment

Number: ST0-199Passing Score: 800Time Limit: 120 minFile Version: 1.0

http://www.gratisexam.com/

Exam A

QUESTION 1What is the recommended minimum hard-drive size for a virtual instance of Symantec Messaging Gateway10.0?

A. 80 GBB. 90 GBC. 160 GBD. 180 GB

Correct Answer: BSection: (none)Explanation

Explanation/Reference:

QUESTION 2What is the recommended minimum hard-drive size for a virtual instance of Symantec Messaging Gateway10.0?

A. 80 GBB. 90 GBC. 160 GBD. 180 GB



QUESTION 3What are two installation options for Symantec Messaging Gateway 10.0? (Select two.)

A. upgrade from Symantec Brightmail Gateway 8.0.3B. enable autoupdate in LiveUpdate settingsC. upgrade from Symantec Mail Security for SMTP (SMS-SMTP) 8.0.3D. OSRestore using the downloadable VMWare OVF templateE. OSRestore from the Symantec Brightmail Gateway 10.0 CD

Correct Answer: AESection: (none)Explanation


QUESTION 4Message throughput of a Symantec Messaging Gateway scanner-only appliance can be reduced by which twofeatures? (Select two.)

A. rapid release definitionsB. real-time updatesC. DKIM signingD. SMTP authenticationE. hourly quarantine expunging

Correct Answer: CDSection: (none)Explanation


QUESTION 5Symantec Messaging Gateway 10.0 is certified for non-virtual deployment on which hardware devices?

A. Symantec 2950 series appliancesB. Symantec 3570 series appliancesC. Symantec 7100 series appliancesD. Symantec 8300 series appliances

Correct Answer: DSection: (none)Explanation


QUESTION 6Which two are functions of a Symantec Messaging Gateway 10.0 scanner? (Select two.)

A. provides quarantine storage for messagesB. downloads virus definitionsC. hosts a web serverD. filters the message streamE. runs expunger agents for the quarantine

Correct Answer: BDSection: (none)Explanation


QUESTION 7What is the maximum number of incident folders that may be created in Symantec Messaging Gateway 10.0?

A. 100B. 1,000

C. 10,000D. unlimited



QUESTION 8Which Symantec Messaging Gateway 10.0 feature is used to organize, monitor, and manage incidents?


A. Regulatory ArchivesB. End User QuarantineC. Regulatory ProtocolsD. Content Incident Folders

Correct Answer: CSection: (none)Explanation


QUESTION 9What do content incident folders allow administrators to configure?

A. granular access controlB. the X- header added for client processingC. the incident folder names passed to the clientD. additional folders where end-users can store junk mail

Correct Answer: ASection: (none)Explanation


QUESTION 10Which two policy actions are available within Symantec Messaging Gateway version 10.0? (Select two.)

A. create a quarantine incidentB. deliver the message to the Outlook spam folderC. send notification to the administratorD. terminate the sender's connectionE. create an informational incident



QUESTION 11There is a firewall in place between Symantec Messaging Gateway 10.0 and the Internet at the customer site.An administrator needs to use an external NTP server on the Internet for time synchronization. Which port mustbe open on the firewall to allow this?

A. 22B. 389C. 80D. 123



QUESTION 12What is a valid configuration option for Symantec Messaging Gateway 10.0?

A. one Control Center, one combination control center/scannerB. one Control Center, three scanners, and one Report CenterC. one combination control center/scanner, and 3 scannersD. two scanners and one LiveUpdate server



QUESTION 13What is required before completing the bootstrap process of the Symantec Messaging Gateway 10.0appliance?

A. 30-day temporary license fileB. DNS server IP addressC. SSH access to the applianceD. MX record created for appliance



QUESTION 14

If recipient validation is configured properly, which SMTP response level is given to messages that fail recipientvalidation queries at connect time?

A. 3xx - Service unavailableB. 4xx - Temporary delivery failureC. 5xx - Permanent delivery failureD. 6xx - Rejected validation failure



QUESTION 15Which feature places a sender's IP address in a penalty box for sending messages to multiple invalid emailaddresses?

A. Local Bad Sender IPsB. Directory Harvest AttackC. Bounce Attack DetectionD. Connection Classification



QUESTION 16Which two tasks can an end-user perform while logged in to the Control Center when authentication andaddress resolution are enabled? (Select two.)

A. configure personal suspect spam scoringB. configure personal Good and Bad Sender listsC. configure personal language preferencesD. configure personal content filtering policiesE. configure personal email digest preferences

Correct Answer: BCSection: (none)Explanation


QUESTION 17An organization has an extremely large LDAP database. What is done in Symantec Messaging Gateway 10.0that will help prevent mail from backing up in the system during the initial directory building process?

A. reduce the length of time that logs and quarantine items are kept in the databaseB. configure the control center to download the complete directory of users each nightC. the appliance fails open during the initial phase of deployment to prevent email from backing up during the

initial directory building processD. preload the directory data cache



QUESTION 18Which two functions of Symantec Messaging Gateway 10.0 can use information retrieved from a directory datasource? (Select two.)

A. masqueradingB. routingC. annotationD. reputationE. authentication

Correct Answer: BESection: (none)Explanation


QUESTION 19When configuring remote logging, where are the logs redirected?

A. the primary control centerB. Symantec System Incident Manager (SSIM)C. Application EventlogD. syslog



QUESTION 20Which log would an administrator access to determine why an email was deleted by the scanner?

A. Update.logB. Message Audit logsC. Admin Audit logs

D. Messaginglog.log



QUESTION 21Which logs will help an administrator determine why antispam rules have failed to update?

A. Antispam Update logsB. LiveUpdate logsC. Conduit logsD. Appliance syslog



QUESTION 22Having received a targeted attack from a spoofed email domain, a company wants to take advantage of DKIMvalidation for inbound mail. The messaging administrator has enabled sender authentication and DKIMvalidation and now needs to configure a content filtering policy to quarantine any messages that fail. Whichcondition should be met for the content filtering policy to fire?

A. The envelope sender email address contains "dkim=fail".B. The message header contains "dkim=fail".C. The file metadata MIME type is "dkim=fail".D. The text in the subject, body, or attachments contains "dkim=fail".



QUESTION 23How does enabling and configuring sender authentication options in Symantec Messaging Gateway 10.0 helpto protect against spam?

A. by protecting against messages sent from trusted partnersB. by protecting against messages sent using a Sendmail MTAC. by protecting against messages with a forged message IDD. by protecting against messages with forged sender domains

Correct Answer: D

Section: (none)Explanation


QUESTION 24What is an advantage of Symantec Content Encryption over TLS encryption?

A. ensures compliance with government-mandated regulationsB. TLS encryption provides better security than content encryption.C. may be implemented without requiring SSL certificates for each scannerD. ensures secure end-to-end delivery of sensitive messages



QUESTION 25Symantec Messaging Gateway 10.0 includes a policy-based encryption feature. How is this new featurelicensed?

A. The license is included with Symantec Protection Suite.B. The license is included with Symantec Messaging Gateway 10.0.C. The license is included with Symantec Content Encryption.D. The license is available with a PGP Universal license.



QUESTION 26Which command allows the administrator to track messages from the command line interface (CLI)?

A. track messageB. monitorC. malqueryD. message query



QUESTION 27

Which command is used to collect the configuration and log files from the command line interface (CLI)?

A. diagnosticsB. mallogC. collect-logsD. cc-config



QUESTION 28An administrator needs to determine which policies have triggered for a particular message. Whichtroubleshooting tool will help to identify issues with policy precedence and actions?

A. Incident Match logB. Filtering Policy reportC. Filtering Precedence Exception reportD. Message Audit log



QUESTION 29An administrator recently investigated the debug logs for Symantec Messaging Gateway 10.0 and resolved anissue. A few days later the administrator discovers that the disk storage is filling up quickly. What is the likelycause?

A. logging severity is set to AllB. local log level is set to DebugC. logging severity is set to InformationalD. remote syslog server is down



QUESTION 30An employee reports that a message sent to a customer was never received by the customer. The employeeprovides sufficient information for the administrator to find the message using the Message Audit log. Theemployee wants to know where that

message has gone. Which section of the Message Audit log detail page will provide this information?

A. message dataB. actions takenC. intended recipientsD. authenticated username



QUESTION 31Where does an administrator specify how often a report is run?

A. Reports -> ScheduleB. Reports -> Create a ReportsC. Reports -> Favorite ReportsD. Reports -> Schedule Reports



QUESTION 32Which additional Email Reports Data collection must be enabled to track Top Probe Accounts via reports?

A. Spam and Unwanted MailB. SubmissionsC. Sender IP connectionsD. Invalid Recipients



QUESTION 33Which two report file formats are available in Symantec Messaging Gateway 10.0 for executive summaryreports? (Select two.)

A. CSVB. PDF

C. DOCXD. XMLE. HTML



QUESTION 34Which two features of Symantec Messaging Gateway 10.0 can be implemented to address the need of DataLoss Prevention (DLP)? (Select two.)

A. setup content filtering rules using pre-defined content category dictionariesB. setup connection to any industry standard DLP productC. setup content filtering rules to strip out any executable contentD. enforce antivirus scanning for all outbound emailE. setup connection to Symantec's DLP Enforce product



QUESTION 35On which two servers can the administrator remediate Data Loss Prevention (DLP) incidents? (Select two.)

A. The destination mail server, such as Microsoft Exchange or Lotus Domino.B. The Symantec Messaging Gateway Scanner.C. The Symantec Messaging Gateway Control Center.D. The Symantec DLP Network Prevent server.E. The Symantec DLP Enforce server.

Correct Answer: CESection: (none)Explanation


QUESTION 36The administrator of a Japanese organization wants to view dates and times within the web-based interface ofSymantec Messaging Gateway 10.0 in Japanese format. Which step during the site setup wizard allows theadministrator to meet this requirement?

A. System Locale SetupB. Language SetupC. Country SetupD. Time Zone Setup



QUESTION 37Which networking parameter can be configured during site setup wizard?

A. MTU sizeB. DNS serverC. default gatewayD. virtual IP address



QUESTION 38After the bootstrap process is completed, which action is unavailable through the web- based interface?

A. selecting the time zoneB. defining the Messaging Gateway roleC. changing the administrator's passwordD. defining the IP address of the DNS server



QUESTION 39Which two should be verified in the Message Audit log when testing a message against a newly createdcompliance policy? (Select two.)

A. message queue IDB. verdictC. actions takenD. policy nameE. message ID

Correct Answer: BCSection: (none)Explanation


QUESTION 40Which two can be used to verify that Symantec Messaging Gateway 10.0 is processing messages? (Selecttwo,)

A. view the Message Audit logB. view the Fastpass logC. view message headersD. view the invalid recipients headerE. view the Admin Audit log

Correct Answer: ACSection: (none)Explanation


QUESTION 41In addition to a configured seed, which other characteristic does Symantec Messaging Gateway 10.0 use tocreate a unique tag for Bounce Attack Prevention?

A. message IDB. IP addressC. fully qualified hostnameD. date



QUESTION 42A Symantec Messaging Gateway 10.0 administrator is creating a new spam policy and needs to choose amessage condition. Which two are valid message conditions? (Select two.)

A. a message that contains a header from DLPB. a message that is spam or suspected spamC. a message that contains prepended notationD. a message that is unscannableE. a message that fails bounce attack validation



QUESTION 43Probe accounts should be created from which source of email addresses?

A. automatically generated using the built-in toolB. addresses of previous employeesC. current NDR reports

D. invalid recipient lists



QUESTION 44A Symantec Messaging Gateway 10.0 administrator needs to prevent bounce attacks. Where should theadministrator enable this feature?

A. Bad Senders policyB. Antivirus policyC. Directory Harvest Attack policyD. Antispam policy



QUESTION 45After a configurable period of time, a suspect virus is released from the Suspect Virus Quarantine. Whathappens to it next?

A. An alert is sent to the email administrator.B. The attachment is removed and the original message is delivered to the recipient.C. It is rescanned.D. It is moved to quarantine.



QUESTION 46Which listener accepts messages from the Brightmail Engine for carrying out actions based on the renderedverdicts?

A. InboundB. ConduitC. MTE

D. MTA



QUESTION 47Which URL must be accessed to successfully register a newly added Symantec Messaging Gateway 10.0license file?

A. aztec.brightmail.comB. license.symantec.comC. register.brightmail.comD. register.symantec.com



QUESTION 48Which MTA operation is used if queues need to be drained to remove a host from use and continue scanningand delivery of messages?

A. delete the Scanner from the Control Center so that it is no longer usedB. set the Scanner configuration to "Pause message scanning and delivery"C. set the Scanner configuration to "Do not accept incoming messages"D. disable the Conduit so that new messages are not accepted



QUESTION 49During which phase of inbound message flow does Symantec Messaging Gateway 10.0 accept, reject, or defermessages on the basis of the message envelope?

A. SMTP deliveryB. SMTP firewallC. SMTP sessionD. Connection Classification



QUESTION 50Which two options are valid for pre-configured actions for the language identification feature in SymantecMessaging Gateway 10.0? (Select two.)

A. hold message received in the following languages in the Suspect Spam QuarantineB. do not receive mail in the following languagesC. send notification to the recipient for messages rceived in the following languages.D. only receive mail in the following languagesE. add an X-Bulk header to messages received in the following languages



QUESTION 51Which two actions must be taken to allow end-users to create personal Good and Bad Senders lists? (Selecttwo.)

A. add "Hold message in Spam Quarantine" action to Local Bad Senders domainsB. check the option "Enable end-user settings for this policy group"C. configure an LDAP source with Authentication and Recipient Validation functionsD. configure an LDAP source with Authentication and Routing functionsE. configure an LDAP source with Authentication and Address Resolution functions



QUESTION 52What happens to a message after it has been identified as a suspect virus and placed into the suspect virusquarantine?

A. It is automatically deleted after 7 days.B. It is rescanned when the configured hold time has elapsed.C. It is stored in the Central Quarantine Server.D. It is forwarded to Symantec Security Response.



QUESTION 53

Which Symantec Messaging Gateway 10.0 feature will change the original domain of an internal user relayingmail outside of an organization?

A. address masqueradingB. address aliasing

C. domain mappingD. content filtering



QUESTION 54A customer receives large amounts of non-spam mail from thousands of different users, which consumessignificant resources on Symantec Messaging Gateway 10.0. Which feature should be enabled to improvesystem performance while minimizing the risk of false positives?

A. Creation of custom spam rules using SenderIDB. FastpassC. Domain whitelistingD. Sender authentication



QUESTION 55An administrator needs to determine whether a sending MTA is being throttled by Symantec MessagingGateway 10.0. Where is this information located?

A. Reputation Summary reportB. IP reputation lookup tableC. SMTP server logsD. message audit logs



QUESTION 56An organization wants to be extremely aggressive in identifying new and emerging virus threats. Which actionshould be recommended?

A. enable the use of rapid release definitionsB. enable zero-day virus protectionC. set the virus policy to automatically delete virusesD. set LiveUpdate to check for definitions every five minutes

Correct Answer: A



QUESTION 57True file typing is a feature used to combat which behavior?

A. intentionally malforming the MIME headers in order to bypass virus scanning of attachmentsB. removing or disguising extensions to bypass virus scanningC. obfuscating a directory harvest attackD. tricking users into launching executable files



QUESTION 58Outgoing messages need to be checked for specific words and phrases. Any messages containing the listedwords should be held for review. Which content filtering resource is used for this requirement?

A. DirectoriesB. DictionariesC. NotificationsD. Annotations



QUESTION 59An administrator works for a pharmaceutical company that distributes Drug X. A content filtering policy usingthe premium compliance "Prescription Drug Names" dictionary resource (which includes Drug X as apredefined phrase), blocks any email from the Marketing department containing the drug name. Marketing hasindicated that this is unacceptable but wishes to continue to block the use of other words or phrases in thatdictionary. How can the administrator adjust the resources used by the current content filtering policy to resolvethe Marketing department issue?

A. disable Drug X from the "Prescription Drug Names" dictionaryB. add Drug X to the "Prescription Drug Names" dictionaryC. enable Drug X in the "Prescription Drug Names" dictionaryD. delete Drug X from the "Prescription Drug Names" dictionary



QUESTION 60Which two actions are valid for a content compliance policy? (Select two.)

A. edit the message to delete the offensive contentB. add a header to the messageC. drop the connection to the offending mail serverD. forward the messageE. flag the message for further scanning



QUESTION 61The helpdesk consistently receives calls from end-users asking why some attachments are stripped from theiroutbound email messages. How can the messaging administrator configure the content policy to inform thesender when and why this occurs?

A. add a notification action to the content filtering policyB. enable message quarantine for outbound policy violationsC. add an action to create an end-user incidentD. add an action to modify the subject line



QUESTION 62How are content filtering policies different from spam and virus policies?

A. Content filtering policies use system-defined verdicts.B. Spam and virus polices use administrator-defined verdicts.

C. Spam and virus policies use system-defined verdicts.D. Content filtering policies use end user-defined verdicts.



QUESTION 63What must be done before using Spam Quarantine?

A. configure address resolutionB. configure groups to have a policy to quarantine messagesC. configure a partition for use by Spam QuarantineD. configure Spam Scan settings to identify suspected spam




QUESTION 64A message released from Spam Quarantine is delivered to the intended recipient. Under the defaultconfiguration, where is a copy of the misidentified message also sent?

A. [email protected]. Symantec Security ResponseC. the email address configured as the administrator for the control centerD. Symantec's Global Intelligence Network



QUESTION 65What two actions can allowed end-users do to submit samples to Symantec and have custom antispam rulescreated? (Select two.)

A. submit a sample to Symantec using the Email Submission ClientB. flag messages in their web-based SMG quarantine page as being spam and submitting the resultsC. forward spam samples to [email protected] with a subject of "MISSED SPAM"D. move the message into the included "Junk E-mail" folder available in OutlookE. submit a sample to Symantec using the Email Submission Client available for Lotus Domino

Correct Answer: ABSection: (none)Explanation


QUESTION 66What are two benefits of customer-specific spam rules? (Select two.)

A. provides a wizard style tool enabling administrators to create rules against spamB. provides a mechanism to quickly block local or targeted attacksC. enables the administrator to report spammers to Symantec Global Intelligence NetworkD. adds the IP of selected spammers to the lowest bucket in the Connection Throttling moduleE. provide fast protection against messages Symantec may not define as spam



QUESTION 67When should Connection Classification be enabled?

A. when Fastpass access is needed to log the connectionB. when deployed at the edge of the networkC. when another gateway handles the messages firstD. when handling mail for multiple internal domains



QUESTION 68When should Connection Classification be enabled?

A. when Fastpass access is needed to log the connectionB. when deployed at the edge of the networkC. when another gateway handles the messages firstD. when handling mail for multiple internal domains



QUESTION 69What happens to an IP listed in the Fastpass exclusions?

A. The IP will not be processed for spam, but will still be scanned for malware.B. The IP will be excluded from spam scanning.C. The IP will never get a Fastpass.D. The IP will be excluded from compliance scanning.



QUESTION 70When enabling Connection Classification, how many messages must be processed in learning mode beforemessages can be deferred?

A. 5,000B. 10,000C. 20,000D. 50,000



QUESTION 71A diagnostics package for a scanner-only appliance can be generated from the GUI in Symantec MessagingGateway 10.0. If the package is small (less than 5 MB), which transfer protocol type should be used by theadministrator to verify the diagnostics package before providing it to technical support for analysis?

A. SMTPB. download to desktopC. FTPD. SCP



QUESTION 72What should an administrator do before performing a software update of Symantec Messaging Gateway 10.0?

A. store backup on local serverB. store backup on a remote location using FTPC. encrypt local backupD. purge all backups from the appliance



QUESTION 73Which command line interface (CLI) command displays the update.log to check the progress of a softwareupdate of Symantec Messaging Gateway 10.0?

A. tailB. watchlogC. update.plD. version -l



QUESTION 74Before performing a software update on a scanner-only appliance, which MTA operation/mode should bechosen if there are messages in the queues?

A. pause the MTAB. flush all delivery queuesC. pause message scanning and deliveryD. do not accept incoming messages



QUESTION 75How could an administrator improve Control Center performance of Symantec Messaging Gateway 10.0?

A. increase the log rotation frequencyB. increase the number of service threadsC. reduce the amount of reporting dataD. restrict user access to the spam quarantine



QUESTION 76An employee reports that a message sent to a customer was rejected. The employee provides sufficientinformation for the administrator to find the message using the Message Audit log. The employee wants toknow why that message was blocked. Which section of the Message Audit Log detail page would provide thisinformation?

A. Verdict(s)B. Action(s)C. IP Blocklist Lookup ToolD. Block Reason



QUESTION 77Symantec Messaging Gateway 10.0 is running out of disk space due to storing extended logs. Theadministrator is required to store extended log data for more than a year. Which action should the administratortake?

A. lower the maximum log storage limitB. deploy Control Center on virtual appliance and add more disk spaceC. configure remote loggingD. add higher capacity disks to appliace RAID array



QUESTION 78After configuring the directory data source, which tab must be selected to configure Invalid Recipientsfunctionality?

A. Administration tabB. Protocols tabC. Reputation tabD. DHA tab



QUESTION 79By default, which port does Symantec Messaging Gateway 10.0 use to retrieve updated spam definitions?

A. 389B. 443C. 8080D. 41002

Correct Answer: B



QUESTION 80What will trigger a spam policy by default in Symantec Messaging Gateway 10.0?

A. adding a text file attachment with the word SPAM to the messageB. inserting the header X-Bulk: into the message headerC. prepending the subject line of the message with the following: [SPAM TEST]D. inserting the header X-Advertisement: spam into the message header



QUESTION 81Which feature, when enabled through the directory data sources, allows third party MTAs the ability to relaythrough Symantec Messaging Gateway 10.0 and protects it against becoming an open relay?

A. MTA verificationB. Recipient address validationC. TLS certificate authenticationD. SMTP authentication



QUESTION 82

Which Symantec Messaging Gateway 10.0 feature improves responsiveness to new spam threats andincreases overall antispam effectiveness?

A. rapid release definitionsB. FastpassC. microupdatesD. real time updates



QUESTION 83An organization is receiving spam because of small targeted attacks from unknown senders. Which SymantecMessaging Gateway 10.0 feature should help slow down these types of attacks?

A. Global Bad Senders listB. directory harvest attack preventionC. Global reputation analysisD. Connection classification



QUESTION 84What is the source of information used to populate the Global Good and Global Bad senders list?

A. Multiple DNS-based IP reputation servicesB. Proprietary feed from MessageLabsC. Reputation data from the Symantec Global Intelligence NetworkD. Global reputation data from Symantec Protection Center



QUESTION 85Symantec Messaging Gateway 10.0 will be deployed to receive mail directly from the Internet. In this situation,which option should be selected within the Inbound Mail Filtering - Accepted Hosts step of the site setupwizard?

A. enable MX lookupB. define a list of domainsC. specify IP addresses/domainsD. select all IP addresses



QUESTION 86The Symantec Messaging Gateway 10.0 appliance will be deployed with the following topology: Internet DefaultGateway (10.10.10.1) <--> Email Gateway (10.10.10.11) <- -> Symantec Messaging Gateway (10.10.10.21) <--> Internal Mail Server (10.10.10.31) Which IP address should be specified in the Mail Filtering - Non-local MailDelivery page of the site setup wizard?

A. 10.10.10.1B. 10.10.10.11C. 10.10.10.21D. 10.10.10.31



QUESTION 87During the installation and configuration process, when will Symantec Messaging Gateway 10.0 require accessto the network?

A. prior to the bootstrap processB. when defining the DNS serverC. when defining the Gateway addressD. prior to accessing the site setup wizard



QUESTION 88What is required before attempting installation of the Symantec Messaging Gateway 10.0 appliance?

A. console access to the appliance

B. DVD-ROM drive listed on hardware compatibility listC. valid license fileD. machine account created in Active Directory



QUESTION 89Which TCP port is used for communication between the Control Center and the scanner(s)?

A. 41001B. 41002C. 41004D. 41080

Correct Answer: B



QUESTION 90Where are options for backup and restore of Symantec Messaging Gateway 10.0 located?

A. Administration -> VersionB. Administration -> UtilitiesC. Administration -> Restore/DownloadD. Administration -> Updates



QUESTION 91Following the leak of confidential business contracts, a company's Legal department mandates that alloutbound communication from the Finance department must be secure at all times. Which two policy strategiescan help the messaging administrator accomplish this in Symantec Messaging Gateway 10.0? (Select two.)

A. deliver message using TLSB. block direct client access to corporate email serversC. deliver message with notificationD. deliver message with content encryption

E. configure firewall to only accept outbound SMTP connections from the Symantec Messaging Gatewayscanners

Correct Answer: ADSection: (none)Explanation


QUESTION 92What are two benefits of using attachment list policy resources in Symantec Messaging Gateway 10.0? (Selecttwo.)

A. can help prevent confidential information from leaving the companyB. can provide another level of defense against malwareC. can increase message processing speedD. can protect against drive-by downloadsE. can help prevent directory harvest attack (DHA)



QUESTION 93In which two situations are multiple group policies useful? (Select two.)

A. when the entire organization wants to delete spamB. when only the Human Resources department wants to receive spamC. when only the Engineering department wants to keep message logsD. when only the Legal department should be allowed to send archive filesE. when all of the departments want to scan outbound messages



QUESTION 94Legitimate email from xCorp is being rejected by Symantec Messaging Gateway 10.0 at ZZ Inc. How can a ZZInc. email administrator troubleshoot this issue?

A. Add the xCorp MTA IP address to the Fastpass table.B. Add the xCorp MTA IP address to the Global Good Senders list.C. View the reputation of the xCorp MTA using the Spamhaus IP Address Lookup Tool.D. View the reputation status of the xCorp MTA IP address via the IP Reputation lookup tool.



QUESTION 95What is the default action taken during an email virus attack?

A. delete the messageB. throttle the network connectionC. reject SMTP connectionD. defer SMTP connection



QUESTION 96With Fastpass enabled, which two verdicts may be excluded for messages with a pass? (Select two.)

A. SpamB. Suspected SpamC. VirusD. Suspected VirusE. Compliance



QUESTION 97What can administrators do in order to receive custom anti-spam rulesets?

A. forward spam samples to [email protected]. log a support case and submit samples to Symantec for analysisC. create a content filter rule to block the message based on the spam sampleD. enable the customer-specific rules feature and submit unwanted messages



QUESTION 98Which two statistics can the administrator view regarding the custom anti-spam rulesets? (Select two.)

A. the "top-submitters" of missed spam or false positive detectionsB. the "top submitters" of messages that are not valid and did not generate a custom ruleC. how many emails have been submitted for custom antispam rulesD. the effectiveness of the custom antispam rulesets compared to Symantec's rulesetsE. the top senders of messages detected by custon antispam rulesets



QUESTION 99A company uses multiple control centers. What must be done to ensure legitimate NDRs are recognized byBounce Attack Prevention across all scanners?

A. configure the same seed value on each control centerB. configure the same administrator email address across both control centersC. configure the same seed value on each scannerD. configure both control centers with the same internal email hosts



QUESTION 100What is the maximum number of rows a report can have?

A. 100 rowsB. 1,000 rowsC. 10,000 rowsD. 100,000 rows



QUESTION 101What is the default report data retention period?

A. 7 daysB. 14 daysC. 28 daysD. 90 days



QUESTION 102An administrator wants to ensure high performance and failover access between the LDAP servers andSymantec Messaging Gateway 10.0. Which configuration mode will help ensure this?

A. configure DNS to accept dynamic updatesB. setup multiple LDAP sourcesC. round robin DNSD. scanner load balancing



QUESTION 103Which directory data source function must be enabled to help prevent a directory harvest attack?

A. Active Directory connectorB. Dynamic Data SourcingC. LDAP authenticationD. Recipient validation



QUESTION 104An organization would like to participate in the Symantec Probe Network without having to manually createdecoy email accounts. The organization wants to make sure that the addresses that participate in the SymantecProbe Network are currently receiving email. Which directory data source function should be enabled to help inthis situation?

A. recipient validation

B. address resolutionC. SMTP authenticationD. LDAP routing



QUESTION 105How does Symantec DLP communicate with Symantec Messaging Gateway (SMG) to indicate what type ofincident (if any) is related to a given message?

A. Symantec DLP uses the ICAP protocol to indicate if a message is clean, or if it violated any defined policies.B. Symantec DLP will add information into the message that can be interpreted by SMG and then send it to

SMG via SMTP.C. Symantec DLP will quarantine messages that violate established policies, blocking it from SMG.D. Symantec DLP will use TLS to send a notification message to the SMG server for any content violations.



QUESTION 106What are two functions of the Control Center? (Select two.)

A. It provides message management services.B. It downloads spam definitions.C. It hosts Spam Quarantine.D. It downloads virus definitions.E. It runs filters.



QUESTION 107During which phase of outbound message flow does Symantec Messaging Gateway 10.0 determine whetherthe number of recipients exceeds the good number of recipients per message?

A. message routingB. message deliveryC. outbound SMTP sessionD. outbound SMTP connection



QUESTION 108How should an administrator stop inbound mail using the command line interface (CLI)?

A. use mta-controlB. use mta-stopC. use mail-controlD. use mail-stop



QUESTION 109How can an administrator view log data in real time?

A. in the UI select Reports -> view logsB. from the command line interface (CLI) run the watchlog -l commandC. from the command line interface (CLI) run the tail -f commandD. from the command line interface (CLI) run the monitor -f command



QUESTION 110What is the function of a sender authentication scheme?

A. to check the IP reputation of a sending MTA at connection timeB. to verify that the sending MTA is authorized to send mail for a given domainC. to enforce two-factor authentication between sending and receiving MTAsD. to ensure that senders using content encryption can bypass spam scanning



QUESTION 111When configuring DKIM signing, how should the domain key generated from the public RSA key be published?

A. as a text record in the DNS zone for the sending domainB. in plain text as part of the SMTP outbound greetingC. as a .txt file on the Internet facing the Symantec Messaging GatewayD. as a .txt file on the sending domain corporate website



QUESTION 112What is one effect of deploying a Symantec Messaging Gateway scanner between an Internet email gatewayand the internal groupware mail server?

A. Symantec Messaging Gateway delivery queues may backup due to the network latency of an extra hop.B. Symantec Messaging Gateway scanners might identify the IP address of the internal gateway MTA as a

source of spam.C. Symantec Messaging Gateway scanners will not be able to provide antispam services.D. Symantec Messaging Gateway scanners will grant the internal gateway MTA a Fastpass.



QUESTION 113Which prerequisite must be met to take advantage of the Connection Classification and Fastpass features?

A. Symantec Messaging Gateway must use a virtual IP address.B. Symantec Messaging Gateway must be configured with two network interfaces.C. Symantec Messaging Gateway must be the first SMTP hop into the network.D. Symantec Messaging Gateway must be configured in scanner-only mode.



QUESTION 114What is the current name of the LDAP synchronization technology used within the Symantec MessagingGateway?

A. Dynamic Data CacheB. Directory Data ServiceC. Active DirectoryD. Domain Controller Interface (DCInterface)



QUESTION 115Which Directory Data Source function must be configured to enable end-user spam quarantine?

A. SMTP authenticationB. address resolutionC. recipient validationD. authentication



QUESTION 116What is the integrated encryption action within Symantec Messaging Gateway 10.0?

A. deliver messages with S/MIME encryptionB. deliver messages with content encryptionC. deliver messages using TLS

D. deliver messages with PGP encryption



QUESTION 117What is the default time period that a suspect virus can reside in the Suspect Virus Quarantine?

A. 6 hoursB. 12 hoursC. 24 hoursD. 48 hours



QUESTION 118Bounce attack prevention is enabled. An incoming non-delivery report (NDR) is received and its signature failsto be verified. What does Symantec Messaging Gateway 10.0 do with the message by default?

A. forwards it to the administratorB. rejects the messageC. forwards it to suspect spamD. sends it to Symantec Security Response



QUESTION 119An administrator tests the default antivirus policies by sending a message with an encrypted attachment. Whenthe administrator checks the recipient inbox, what appears?

A. The test email appears with a modified subject line.B. A system-generated message appears concerning an unscannable attachment.C. A message with a pointer to the Suspect Virus Quarantine appears.D. The email is missing due to deletion by the system.



QUESTION 120How could an administrator filter email more aggressively by adjusting the suspected spam score?

A. Raise the suspected spam score from the default to 99.

B. Lower the suspected spam score from the default to 60.C. Lower the suspected spam score from the default to 75.D. Raise the suspected spam score from the default to 72.



QUESTION 121Which type of information can be found on the Status dashboard of Symantec Messaging Gateway 10.0?

A. System uptime, licenses installed, and software versionB. Inbound SMTP Authorization SummaryC. Top Content Filter Sender SummaryD. Inbound Email Message Summary




Documents

Symantec Messaging Gateway 10.0. Technical Assessment · PDF fileSymantec Messaging Gateway 10.0 is certified for non-virtual deployment on which hardware devices? A. Symantec 2950