850-001

Exam 850-001

Title Cloud Security 1.0

Updated Version: 4.0

Product
91 Q & A with Explanation
Type

“Best Material, Great Results”. www.certkingdom.com 1

 850-001

QUESTION 1
A company is reaching their maximum CPU load for their email and Web servers, and begins
investigation of public IaaS cloud bursting. The company is concerned about complex attack
vectors launched against the hosted systems. To protect the assets, a number of Symantec
security products will also be migrated. Which Symantec security solution provides continuous
system visibility across all devices and facilitates detection of complex attack vectors?

A. Critical System Protection

B. Security Information Manager
C. Gateway Security
D. Endpoint Protection with Network Threat Protection

Answer: B

Explanation:

QUESTION 2
What is the most effective strategy for an IT professional to implement an IT governance, risk, and
compliance solution in a private cloud?

A. use a checkbox approach to gather IT controls manually to identify high-risk vulnerabilities

B. utilize Excel spreadsheets, email-based questionnaires, or SharePoint sites to thoroughly
document IT controls
C. ensure anti-virus is deployed on all critical assets to stay ahead of threats and avoid data
breaches
D. put an automated program in place to identify vulnerabilities and security gaps and to track
remediation

Answer: A

Explanation:

QUESTION 3
Which factor exists in many organizations that inhibits an effective IT Governance, Risk, and
Compliance program?

A. High-level reports and dashboards provide a C-Level view of the enterprise risk posture.
B. Policies tied to controls are defined to address multiple regulations and frameworks.
C. Technical controls on assets from multiple business units are regularly evaluated to determine
aggregate risk.
D. Numerous assessment tools are deployed throughout the enterprise, generating vendorspecific
reports.

Answer: D

“Best Material, Great Results”. www.certkingdom.com 2

 850-001

Explanation:

QUESTION 4
An enterprise is in the process of moving application servers to a cloud-based IaaS platform.
Which technology should an IT professional use to assess the risk of the IT assets in a business
context?

A. Symantec Control Compliance Suite

B. Symantec Critical Systems Protection
C. Symantec Data Loss Prevention
D. Symantec Validation and Identity Protection

Answer: D

Explanation:

QUESTION 5
A cloud service customer is facing application failure and data corruption in their virtual
infrastructure. The IT department has asked for a solution that will scan for rogue virtual machines,
which will reduce the security risk in physical and virtual infrastructure. Which solution can fulfill
the requirement?

A. Symantec Critical Systems Protection

B. Symantec Control Compliance Suite
C. Symantec Endpoint Protection
D. Symantec Security Information Manager

Answer: B

Explanation:

QUESTION 6
What can a hosted Symantec Data Loss Prevention solution do to protect confidential data in an
outgoing email?

A. modify the email attachment content to remove confidential information

B. add a header to an email to route to an encryption gateway
C. use a Flex Response plug-in to modify the email header
D. modify the email body to redirect to a quarantine location

Answer: B

Explanation:

“Best Material, Great Results”. www.certkingdom.com 3

 850-001

QUESTION 7
A large international wealth management firm has a liberal mobile device policy for its employees.
During the pre-adoption period, strategic documents are accessed and saved to the mobile
devices by the workforce. Which data security technology stops employees from sending these
documents to unauthorized parties?

A. data loss protection technologies

B. two-factor authentication technologies
C. web filtering technologies
D. encryption technologies

Answer: C

Explanation:

QUESTION 8
A company is invested heavily in migrating their IT infrastructure to an IaaS cloud provider. It is
determined that the storage infrastructure of the service provider resides in a country with weak
laws on data privacy. As a result, the cloud service provider may be required to turn over the
company's data for legal review. Which action could the company take to prevent the cloud
service provider from disclosing the company's data?

A. require the service provider to encrypt the data

B. migrate the infrastructure to a new cloud provider
C. implement their own legal discovery solution
D. implement their own encryption solution

Answer: D

Explanation:

QUESTION 9
What is a valid security concern when designing a cloud architecture that heavily leverages SaaS
providers?

A. lack of a metered model from the cloud provider

B. inefficient workflows for change control
C. inherent flaws in web-based applications
D. inability to support iOS devices

Answer: C

Explanation:

QUESTION 10
An organization has mandated that workflow for certain SaaS applications must travel over slower

“Best Material, Great Results”. www.certkingdom.com 4

 850-001

leased lines and through the company's cloud in order to mitigate security concerns of the CISO.
Which end user behavior vulnerability can this cause?

A. waiting until close of business to send their data

B. lack of concern with international charges
C. finding an alternate network path
D. disabling personal firewall to maximize bandwidth

Answer: C

Explanation:

QUESTION 11
Which action addresses a risk inherent to the public cloud model?

A. harden applications sufficiently for multi-tenant environments

B. revert a public cloud to a private cloud during an emergency
C. apply anti-spam measures on the endpoint accessing the cloud
D. activate deduplication on the cloud-based storage

Answer: A

Explanation:

QUESTION 12
A company has decided to implement "cloud bursting" to allow their production environment to
scale to any size by utilizing on-demand connections to a public cloud IaaS infrastructure. Which
solution allows the IT department to protect against VM hopping?

A. data loss prevention

B. anti-virus / anti-spam
C. data and mail encryption
D. host intrusion prevention

Answer: A

Explanation:

QUESTION 13
A current customer's cloud service provider is undergoing a merger and acquisition process. This
increases the likelihood of a strategic shift to the customer's business operations and may put
non-binding agreements at risk, as well as make compliance with security requirements
impossible. How is this cloud provider acquisition risk categorized?

A. policy and organizational

B. technical

“Best Material, Great Results”. www.certkingdom.com 5

 850-001

C. lock-in
D. non-cloud specific

Answer: A

Explanation:

QUESTION 14
A cloud service provider administrator has discovered that someone is attempting to determine
which servers and operating systems are running on a tenant's network by using network
mapping. How is this risk categorized?

A. policy and organizational

B. technical
C. legal
D. non-cloud specific

Answer: B

Explanation:

QUESTION 15
A cloud customer has determined that their data is being held in multiple geographic locations.
They are concerned that these sites will be raided by local authorities and their data or systems
are subject to disclosure or seizure. Which risk category does this type of risk fall into?

A. policy and organizational

B. technical
C. legal
D. non-cloud specific

Answer: C

Explanation:

QUESTION 16
Refer to the exhibit.

“Best Material, Great Results”. www.certkingdom.com 6

 850-001

Which type of policy and organizational risk is circled in red on the cloud infrastructure diagram?

A. lock-in
B. compliance challenges
C. loss of Quality of Service
D. co-tenant issues

Answer: B

Explanation:

QUESTION 17
In order to achieve greater scalability, a CIO has mandated that a specific set of processes and
data move to a cloud environment. These assets include: - Company email requiring anti-spam
protection - Proprietary database with specific infrastructure requirements - Point-of-sale
application and process for retail purchases. Which service and deployment model could support
all of these assets?

A. Infrastructure as a Service, hosted in a private cloud

B. Platform as a Service, hosted in a public cloud
C. Software as a Service, hosted in a private cloud
D. Software as a Service, hosted in a public cloud

Answer: A

Explanation:

“Best Material, Great Results”. www.certkingdom.com 7

 850-001

QUESTION 18
A company is moving to the cloud. Because of DDOS attacks, it would like to start by moving
email to the cloud. The company is small, with fewer than 200 users. What is the most costeffective
deployment model for this company to begin using?

A. IaaS community
B. IaaS public
C. PaaS hybrid
D. SaaS public

Answer: C

Explanation:

QUESTION 19
Several government agencies collaborate extensively, sharing a variety of tools, processes, and
data. Data shared by the organizations is highly sensitive, and risk tolerance for data loss or
exposure is extremely low. Which type of cloud solution is appropriate in this scenario?

A. internally-hosted infrastructure providing a community cloud

B. internally-hosted infrastructure providing a private cloud
C. externally-hosted infrastructure providing a community cloud
D. externally-hosted infrastructure providing a private cloud

Answer: A

Explanation:

QUESTION 20
A large enterprise that is currently supported by a very large IT infrastructure and experienced
staff would like to offer individual Business Units (BUs) the ability to use local servers and storage
on an as-needed basis. The BUs would then be charged accordingly, based on their individual
usage. Which cloud service and deployment model combination provides an appropriate solution?

A. Platform as a Service, public cloud

B. Platform as a Service, private cloud
C. Infrastructure as a Service, public cloud
D. Infrastructure as a Service, private cloud

Answer: D

Explanation:

QUESTION 21
An IT security professional at a large US-based manufacturing company has decided to deploy
and manage a host intrusion detection solution to assist with their migration to a cloud

“Best Material, Great Results”. www.certkingdom.com 8

 850-001

environment. Which cloud environment will benefit from this solution?

A. multi-tenant SaaS
B. hybrid SaaS
C. multi-tenant IaaS
D. multi-tenant PaaS

Answer: C

Explanation:

QUESTION 22
A potential cloud customer is concerned about the proprietary nature of the tools, procedures, and
data formats used by their cloud provider. Which type of risk does the customer's concern
exemplify?

A. lock-in
B. isolation failure
C. compliance
D. management interface compromise

Answer: A

Explanation:

QUESTION 23
A customer using a cloud service provider that has datacenters with replicated databases across
all of North America is experiencing a conflict between Country A's and Country B's e-discovery
laws on the privacy of certain personal information. The government of Country A says if there is a
compelling reason, they are able to see data in their jurisdiction. Country B's laws say that certain
data of Country B's citizens is protected and is never to be disclosed. Which type of security issue
does this scenario depict?

A. data classification
B. data location
C. data replication
D. data encryption

Answer: B

Explanation:

QUESTION 24
An enterprise uses a machine image from a Cloud Service Provider's user community. Which risk
will most likely result in machine compromise?

“Best Material, Great Results”. www.certkingdom.com 9

 850-001

A. existing history files

B. existing environment variables
C. non-default password hash files
D. unauthorized SSH keys

Answer: D

Explanation:

QUESTION 25
A small business wants to extend its custom application into the cloud. The business opts to use
an IaaS with a prebuilt machine image provided within the Cloud Service Provider's user
community. After deployment, the business's inbound network-use charges are far higher than
the network utilization measured against the internal application. What is a possible cause of the
increased inbound network traffic?

A. There is a distributed denial of service against the application.

B. The service is experiencing an end of quarter spike in utilization.
C. The provider has additional monitoring deployed.
D. The Cloud Service provider uses QoS traffic shaping.

Answer: A

Explanation:

QUESTION 26
A potential cloud customer is concerned about network performance over the Internet and the
amount of data involved when performing a specific cloud-based business operation. Which public
cloud feature would experience the greatest performance impact from these limiting factors?

A. data maintained and processed in the cloud

B. backup to the cloud and recovery policies and procedures
C. SaaS solutions extended to the client by the service provider
D. processing authentication requests

Answer: B

Explanation:

QUESTION 27
What is a key benefit of Symantec Critical System Protection for VMware vSphere 5.0?

A. provides agent-based monitoring of VMware ESXi hypervisors

B. protects vCenter against insider abuse and external attacks
C. facilitates inter-VM communication to protect the VMware ESXi hypervisor
D. prevents a Guest OS from being rolled back to an unpatched, unsecured state

“Best Material, Great Results”. www.certkingdom.com 10

 850-001

Answer: B

Explanation:

QUESTION 28
Which Symantec solution helps to safeguard dynamic virtual infrastructures by providing Center
for Internet Security (CIS) technical standards for evaluating and reporting the configuration of
VMware ESX/ESXi?

A. Symantec Data Loss Prevention

B. Symantec Endpoint Protection
C. Symantec Critical Systems Protection
D. Symantec Control Compliance Suite

Answer: D

Explanation:

QUESTION 29
Which virtualization integration solution enables customers to automatically separate virtual
machines that contain sensitive information from those that contain non-sensitive information?

A. Symantec Control Compliance Suite and VMware vShield Zones

B. Symantec Critical Systems Protection and VMware vShield App and Data Security
C. Symantec Managed Security Services and VMware vShield Manager
D. Symantec Data Loss Protection and VMware vShield App and Data Security

Answer: D

Explanation:

QUESTION 30
Which function of Symantec Critical Systems Protection protects VMware environments without
impacting performance?

A. deduplicates scanning of identical files across multiple VMware machines

B. prevents multiple VMware machines from performing security processing at the same time
C. detects changes to files of virtualized compliance-controlled assets
D. creates a standard, safe, white-list VMware image

Answer: C

Explanation:

“Best Material, Great Results”. www.certkingdom.com 11

 850-001

QUESTION 31
Which virtualization integration solution provides the ability to schedule automated scans for
reporting on virtual image platform states as well as perform vulnerability scans of critical virtual
assets?

A. Symantec Control Compliance Suite and VMware vCenter

B. Symantec Managed Security Services and VMware vShield Edge
C. Symantec Critical Systems Protection and VMware vSphere
D. Symantec Security Information Manager and VMware vShield Log Collector

Answer: A

Explanation:

QUESTION 32
Which two features are most useful for efficiently protecting virtual endpoints in a cloud
environment when deploying Symantec Endpoint Protection? (Select two.)

A. virtual client tagging

B. virtual image exception
C. management platform firewall
D. virtual gateway
E. image encryption

Answer: A,B

Explanation:

QUESTION 33
A company's operations staff is concerned about managing public cloud assets. Their primary
concern is being notified in the Network Operation Center of key operating system events. Which
Symantec agent can be deployed to cloud assets for this purpose?

A. Data Loss Prevention

B. Endpoint Protection
C. Control Compliance Suite
D. Critical Systems Protection

Answer: D

Explanation:

QUESTION 34
A company wants to ensure that assets in an IaaS hybrid deployment are protected from malware
attacks. Symantec Endpoint Protection has been selected to protect the public assets. The
Symantec Endpoint Protection Management servers will remain in the private cloud, but there is

“Best Material, Great Results”. www.certkingdom.com 12

 850-001

concern about network performance for content distribution. Which Symantec Endpoint Protection
resource can be placed in the public cloud to alleviate performance concerns?

A. Shared Insight Cache

B. Replication server
C. Notification server
D. Group Update Providers

Answer: D

Explanation:

QUESTION 35
Which technology should an IT professional use to reduce the effective attack surface of a cloudbased
server?

A. Symantec Control Compliance Suite

B. Symantec Data Loss Prevention
C. Symantec Validation and Identify Protection
D. Symantec Critical Systems Protection

Answer: D

Explanation:

QUESTION 36
A company is considering several different cloud deployment models. The company needs the
ability to rapidly provision computing capabilities and services (such as server time, network
storage, and access) without requiring human interaction. How is this cloud service characteristic
categorized?

A. broad network access

B. measured service
C. resource pooling
D. on-demand self-service

Answer: D

Explanation:

QUESTION 37
A customer is considering moving to an on-premise private cloud deployment from a physical
infrastructure. Which business goal will be achieved by moving to this type of deployment?

A. transferred risk to the service provider

B. lowupfrontcost

“Best Material, Great Results”. www.certkingdom.com 13

 850-001

C. increased network performance

D. sustained infrastructure control

Answer: D

Explanation:

QUESTION 38
A company has deployed its web infrastructure in a public cloud and its email infrastructure in a
private cloud. The company needs to deploy hosted data loss prevention detection servers to
monitor web and email traffic. What is the certificate requirement for hosted data loss prevention
detection servers?

A. A unique certificate is needed for each hosted detection server in the public cloud only.
B. A unique certificate is needed for each hosted detection server in the private cloud only.
C. A unique certificate is needed for each hosted detection server in both public and private
clouds.
D. A unique certificate is needed for only one hosted detection server in both public and private
clouds.

Answer: C

Explanation:

QUESTION 39
A file server is placed in a hosted network to allow files to be exchanged between employees
located on or off the corporate network. All files placed on the file server must be encrypted to
ensure confidentiality, and the PGP Desktop has been installed on all client systems to help
facilitate the encryption requirement. Which encryption step must be taken in this situation?

A. encrypt the file server with PGP Whole Disk Encryption

B. configure the file server's network shares as PGP Virtual Disks
C. create a PGP Netshare with a membership of Everyone
D. use the PGP command line to access the file server

Answer: C

Explanation:

QUESTION 40
An enterprise deploys PGP in a Virtual Desktop Infrastructure (VDI) to protect data from wrongful
exposure as a result of VM theft. Which two cryptographic functions of PGP Desktop address
these concerns? (Select two.)

A. registry encryption
B. dynamic-link library encryption

“Best Material, Great Results”. www.certkingdom.com 14

 850-001

C. hard disk encryption

D. data loss protection
E. secure file deletion

Answer: C,E

Explanation:

QUESTION 41
A Symantec O 3 administrator needs to define a policy that allows sales employees to access
sales SaaS applications but prevents them from accessing accounting SaaS applications. User
identities must be verified with the company LDAP server. Which O 3 component can be used to
author this policy?

A. Intelligence Center
B. ID-link client
C. Gateway
D. IWA connector

Answer: A

Explanation:

QUESTION 42
An enterprise is managing their employee and partner user identities in separate directories. They
distribute and manage corporate laptop and mobile devices for all of their employees. For the
federated company HR cloud portal, they want to restrict access to PC-based systems only and
require two-factor authentication. Which SAML application configuration will an IT professional
implement in O 3 to effectively control access to this cloud application?

A. LDAP authentication and an access policy based on identity attributes stored in the employee
directory and the type of device used for access
B. VIP authentication and an access policy based on identity attributes stored in the partner
directory and the type of device used for access
C. LDAP authentication and an access policy based on the end-user location in the respective
user store and the type of device used for access
D. VIP authentication and an access policy based on the end-user location in the respective user
store and the type of device used for access

Answer: D

Explanation:

QUESTION 43
A company is examining its cloud information security and access control policies. After a cloud
security assessment, the company decides to use a cloud service access broker. It will act as an

“Best Material, Great Results”. www.certkingdom.com 15

 850-001

integrated policy decision point and policy enforcement point. Which component of Symantec O 3
can support this requirement?

A. Intelligence Center
B. ID-link client
C. Gateway
D. IWA connector

Answer: C

Explanation:

QUESTION 44
An organization plans to deploy O 3 to protect both sensitive internal and public cloud web
applications. What is the correct policy-authoring workflow the IT professional has to design in
order to control access to these applications?

A. define at Symantec hosted O

3
Intelligence Center, then publish to a Symantec hosted O
3
Gateway
B. define at Symantec hosted O
3
Intelligence Center, then publish to a customer hosted O
3
Gateway
C. define at customer hosted O
3
Intelligence Center, then publish to a customer hosted O
3
Gateway
D. define at customer hosted O
3
Intelligence Center, then publish to a Symantec hosted O
3
Gateway

Answer: B

Explanation:

QUESTION 45
An enterprise customer is planning to host Symantec O 3 Gateway on premise. The company
wants user passwords visible only to their identity provider. Which user store will provide this
functionality?

“Best Material, Great Results”. www.certkingdom.com 16

 850-001

A. Enterprise LDAP
B. HR RDBMS
C. OpenID
D. Corporate AD

Answer: C

Explanation:

QUESTION 46
How does Symantec Data Loss Prevention work with VMware vShield and Symantec Workflow to
effectively identify and separate virtual machines that contain sensitive information in virtual
environments?

A. by scanning content in transit to the virtual machine and Symantec Workflow to redirect the
sensitive information to a secured virtual machine
B. by scanning content that resides on the virtual machine and Symantec Workflow to isolate the
location of the sensitive information
C. by scanning content in transit to the virtual machine and Symantec Workflow to change the
virtual machine security group to a higher level
D. by scanning content that resides on the virtual machine and Symantec Workflow to change the
virtual machine security group to a higher level

Answer: D

Explanation:

QUESTION 47
Refer to the exhibit.

“Best Material, Great Results”. www.certkingdom.com 17

 850-001

Which Symantec Data Loss Prevention product is being used with this virtualization solution in
order to identify intellectual property on the virtual machines?

A. Symantec Data Loss Prevention Network Prevent

B. Symantec Data Loss Prevention Network Discover
C. Symantec Data Loss Prevention Endpoint Prevent
D. Symantec Data Loss Prevention Endpoint Discover

Answer: B

Explanation:

QUESTION 48
An individual has been able to obtain "Virtual Machine User" level access on a VMware host.
Which possible issue could this cause?

A. virtual machines being shut down

B. virtual machines removed from data store
C. ineffective resource pooling
D. broken fault tolerance

Answer: A

Explanation:

QUESTION 49
Refer to the exhibit.

“Best Material, Great Results”. www.certkingdom.com 18

 850-001

Where can Symantec Critical Systems Protection effectively enable organizations to stop
unauthorized services from running on a virtual server?

A. Location 1
B. Location 2
C. Location 3
D. Location 4

Answer: B

Explanation:

QUESTION 50
Refer to the exhibit.

“Best Material, Great Results”. www.certkingdom.com 19

 850-001

Which area of the virtual environment does VMware vShield Edge protect?

A. 1
B. 2
C. 3
D. 4

Answer: B

Explanation:

QUESTION 51
An enterprise is experiencing work-flow limitations with their suppliers. Which cloud deployment
model should an IT professional set up to manage their Business-to-Business relationship in this
situation?

A. a storage as a service model

B. a private model
C. a community model
D. a public model

Answer: C

Explanation:

QUESTION 52
The web infrastructure of an online retailer with branch offices across North America is unable to
cope with heavy transaction loads due to increasing web traffic volumes. Management has
decided to share its web infrastructure with a third-party provider and wants to keep its crucial web
servers on-premises to prevent server downtime. The supporting web servers will be hosted offpremise.
Which cloud deployment model is suitable for this company?

“Best Material, Great Results”. www.certkingdom.com 20

 850-001

A. public
B. private
C. hybrid
D. community

Answer: C

Explanation:

QUESTION 53
What is the correct order used by Symantec Messaging Gateway for scanning email messages?

A. message is scanned for spam > message is scanned for viruses > message is scanned for
content violations and data loss
B. message is scanned for viruses > message is scanned for spam > message is scanned for
content violations and data loss
C. message is scanned for viruses > message is scanned for content violations and data loss >
message is scanned for spam
D. message is scanned for viruses > message is scanned for spam > message attachments are
scanned for policy violations

Answer: A

Explanation:

QUESTION 54
A company has decided to move its email infrastructure to the cloud. The infrastructure includes a
Windows Exchange server, a Symantec Messaging Gateway, and a PGP Universal server. Which
external DNS MX record must be published for the cloud deployment?

A. MX record for the PGP Universal Server

B. MX for the Symantec Web Gateway
C. MX for the Windows Exchange Server
D. MX for the Symantec Messaging Gateway

Answer: D

Explanation:

QUESTION 55
When moving a company's email infrastructure to an IaaS cloud, which two Symantec Messaging
Gateway security capabilities can be deployed? (Select two.)

A. management of SPAM
B. encryption of email attachments
C. detection of malware D.IPS blocking

“Best Material, Great Results”. www.certkingdom.com 21

 850-001

D. port blocking

Answer: A,C

Explanation:

QUESTION 56
A company has decided to move its encrypted data to a new cloud service provider and end the
relationship with its existing cloud service provider. What needs to be completed in order to ensure
full deletion of the company's data?

A. electronically shred the data

B. format the hard drives
C. delete the partitions
D. reformat the hard drives

Answer: A

Explanation:

QUESTION 57
An enterprise is considering a proposal regarding the migration of its web servers and transaction
databases to a public cloud. During the risk assessment analysis, the CTO of the company raised
concerns about phishing and exploitation of software vulnerabilities. The CTO is concerned that an
attacker can potentially gain access to company assets and eavesdrop on company activities and
transactions. Which threat would be a concern to the CTO?

A. unknown risk profile

B. account or service hijacking
C. malicious insider
D. loss of governance

Answer: B

Explanation:

QUESTION 58
A large electric utility company is implementing a Smart Meter program for all of their customers.
As part of this effort, the company is providing the consumers with a cloud application to manage
their usage and costs. The company must protect its customers' access to the data and protect
the company's Smart Meter investment. What can the company do to secure this environment?

A. prevent access from consumer cell phones, tablets, and other mobile devices
B. require the consumer to accept an electronic confidentiality agreement before accessing the
environment
C. require the consumer to use two-factor authentication to access the application

“Best Material, Great Results”. www.certkingdom.com 22

 850-001

D. prevent access to the Meter, and reduce the information that the consumers can see

Answer: C

Explanation:

QUESTION 59
An enterprise is beginning to review the process of moving their regulated environment to a private
cloud. As part of this effort, they are planning on using virtualization technology for flexibility and
cost controls. They are concerned that if a hypervisor is compromised, their data could be at risk.
Which action should the enterprise take in order to address VM Hopping?

A. implement a VM patch management system

B. pass all requests through a virtualized routing system
C. apply host intrusion protection for VMs
D. take snapshots often for recovery

Answer: C

Explanation:

QUESTION 60
A company is moving to a SaaS email solution. The CSO of the company is concerned to learn
that employees are being sent emails and prompted to click on attachments within the messages
that appear at first to be benign, but in reality contain malware. What are two ways to prevent this
from happening? (Select two.)

A. implement two-factor authentication

B. implement antivirus across the enterprise
C. implement data loss prevention
D. implement an encryption solution
E. implement an education plan for employees

Answer: B,E

Explanation:

QUESTION 61
A CSO is concerned to learn that data is being intercepted while moving data between the cloud
and corporate users. What should an IT professional do to mitigate this issue?

A. implement data encryption

B. implement firewall policies
C. implement data loss prevention
D. implement an automated patch management process

“Best Material, Great Results”. www.certkingdom.com 23

 850-001

Answer: A

Explanation:

QUESTION 62
A company has employee data in a PaaS cloud. Results from an audit reveal that recently
departed administrators of the service provider have not been patching the database server that
holds sensitive data. What two Symantec products can be used to mitigate this risk? (Select two.)

A. Control Compliance Suite B.PGP Encryption

B. Enterprise Vault
C. Critical System Protection
D. Web Gateway

Answer: A,D

Explanation:

QUESTION 63
A US-based company needs to protect sensitive data sent over a public network by integrating
DLP and encryption solutions with their email infrastructure. Which data flow scenario should an IT
professional implement to ensure proper inspection and security of the data?

A. create email, DLP scan email, encrypt email, deliver email

B. create email, encrypt email, DLP scan email, deliver email
C. create email, encrypt email, deliver email, DLP scan email
D. create email, deliver email, DLP scan email, encrypt email

Answer: D

Explanation:

QUESTION 64
A CIO wants to move assets to the cloud to save cost and improve availability. The CIO has
mandated that the first data be moved without increasing risk of confidential information being
exposed. Which data meets this criteria?

A. Collaboration tool containing marketing collateral

B. HR database containing employee names and addresses
C. Web shopping portal that processes retail transactions
D. Inventory management system containing sales data

Answer: A

Explanation:

“Best Material, Great Results”. www.certkingdom.com 24

 850-001

QUESTION 65
An IT professional needs to determine if applications that are cloud migration candidates can
achieve the required scalability and reliability characteristics. What must an IT professional
consider regarding the applications' availability?

A. whether the application is based on variable consumption of computer resources

B. the percentage of uptime required of the application
C. if the application guarantees 100% of the megahertz or gigabytes that were reserved
D. whether it is based on Java, .NET, or another language

Answer: B

Explanation:

QUESTION 66
A company is planning a migration of an application to public IaaS. What is a valid objection
related to data security in this scenario?

A. loss of administrative control of the application in the cloud

B. security risks introduced by a multi-tenant cloud
C. inability to enforce strong authentication in the cloud
D. lack of operational resiliency in the cloud

Answer: B

Explanation:

QUESTION 67
An organization is exploring the cost and benefits of migrating business-critical applications into
the cloud. Today, the organization is most concerned with testing the cloud model and can wait
until their findings are complete. Which cloud consumption characteristic is most flexible and able
to meet their immediate needs?

A. allocation
B. metering
C. all-in
D. reservation

Answer: B

Explanation:

QUESTION 68
Which scenario identifies assets eligible for PaaS cloud migration?

A. proprietary beta release product application software and its supporting kernel-level

“Best Material, Great Results”. www.certkingdom.com 25

 850-001

programming code
B. the development team application servers that require constant physical configuration
changesthe development team? application servers that require constant physical configuration
changes
C. layer 3 switches that are being used to segregate the various business units and separate the
production and testing environments
D. database servers that are being used by the QA team to test load handling

Answer: D

Explanation:

QUESTION 69
A company's Chief Security Officer (CSO) has just learned that the quality assurance department
is utilizing public cloud IaaS infrastructures for testing of proprietary applications. These
applications may also be exposing sensitive customer information. Which solution will the CSO
use to determine the company's exposure?

A. Network Encryption
B. DLP Network Discover
C. Endpoint Encryption
D. DLP Network Prevent

Answer: B

Explanation:

QUESTION 70
A company is moving a custom application from their private datacenter to a public cloud IaaS
provider. This will allow partners to access the application over public networks. As part of this
initiative, the company would like to implement a more secure level of user access control. What
should an IT professional do to achieve this goal?

A. use DLP at the datacenter

B. use DLP at the IaaS provider
C. use two-factor authentication at the datacenter
D. use two-factor authentication at the IaaS provider

Answer: B

Explanation:

QUESTION 71
An organization has implemented a telecommuting initiative to allow employees to work from
home. Which solution would an IT professional implement to scan the user's HTTP traffic for
malicious code without requiring a connection to the company's VPN?

“Best Material, Great Results”. www.certkingdom.com 26

 850-001

A. Data Loss Prevention

B. Messaging Security Gateway
C. Data Encryption
D. Web Security.cloud

Answer: D

Explanation:

QUESTION 72
A company has decided to implement "cloud bursting" to allow their production environment to
scale to any size by utilizing on-demand connections to a public cloud IaaS infrastructure. Which
solution allows the IT department to minimize security risks by treating the IaaS environment as a
logical extension of their internal network?

A. Hosted SaaS connection between the datacenter and IaaS provider

B. Virtual DLP connection between the datacenter and the IaaS provider
C. IPSEC VPN connection between the datacenter and the IaaS provider
D. On-demand PGP connection between the datacenter and the IaaS provider

Answer: C

Explanation:

QUESTION 73
An administrator needs to profile discovered systems and group them according to controls that
are required. This function must also be performed across both physical and logical groupings
based on policy. Which solution performs this function?

A. Symantec Control Compliance Suite

B. Symantec Critical Systems Protection
C. Symantec Security Information Manager
D. Symantec Managed Security Services

Answer: A

Explanation:

QUESTION 74
A potential cloud customer has determined that their current applications are eligible for migration
because most are batch-processing applications that work on sets of data, extracting and inserting
data into databases. Which type of cloud application architecture is this application?

A. synchronous
B. asynchronous

“Best Material, Great Results”. www.certkingdom.com 27

 850-001

C. independent
D. traditional

Answer: B

Explanation:

QUESTION 75
Which security requirement is difficult for a SaaS provider to meet?

A. securing web page content from modification

B. ensuring trusted SSL communications
C. complying with company-specific IT standards
D. protecting the integrity of stored information

Answer: C

Explanation:

QUESTION 76
A retail seller needs to move its website to a public IaaS provider. The company's primary concern
is the confidentiality of its customer information, especially credit card and social security numbers.
The customer information and credit card payment system utilize two different databases.
Customer authentication data is kept on the customer database. Currently, the customer is
satisfied with the confidentiality of its existing deployment. What is the most important task in
designing a secure cloud deployment plan for this retailer?

A. investigate stronger authentication systems offered by the provider

B. verify procedures for hardening the provider's OS images, and then maintain
C. perform a security-gap analysis against the IaaS provider's environment
D. require specific security SLAs with the provider

Answer: C

Explanation:

QUESTION 77
A company wishes to take advantage of the security offerings and the benefits of scale associated
with a large cloud infrastructure. They require dedicated, pay-per-use forensic images of virtual
machines that are accessible without taking the infrastructure off-line. Which type of security
benefit is provided with this functionality?

A. resource concentration
B. rapid scaling of resources
C. evidence gathering
D. efficient updates and defaults

“Best Material, Great Results”. www.certkingdom.com 28

 850-001

Answer: C

Explanation:

QUESTION 78
Which component of the Symantec Control Compliance Suite (CCS) simplifies the evaluation of
procedural controls by enabling an organization to automate, publish, and analyze results from
web-based surveys?

A. CCS Response Assessment Manager

B. CCS Standards Manager
C. CCS Policy Manager
D. CCS External Data Interface Manager

Answer: A

Explanation:

QUESTION 79
A company is hosting its email infrastructure in the cloud. The company is unable to enjoy the
benefit of cloud deployment because its email servers process excessive spam emails. The
company needs a solution that can block spam and malware contained in email messages before
it reaches the email servers. Which solution resolves this issue?

A. Symantec Network Prevent for Email

B. Symantec Messaging Gateway
C. Symantec Web Gateway
D. Symantec MessageLabs Web Security.cloud

Answer: B

Explanation:

QUESTION 80
A company is moving to a SaaS email solution. The CSO is concerned about reports of
employees receiving spam emails that mislead employees into clicking links to websites where
they are prompted for sensitive company information. What are two ways to prevent this from
happening? (Select two.)

A. implement two-factor authentication

B. implement antivirus across the enterprise
C. implement data loss prevention
D. implement an automated patch management process
E. implement an awareness plan for employees

“Best Material, Great Results”. www.certkingdom.com 29

 850-001

Answer: C,E

Explanation:

QUESTION 81
A company has deployed its web infrastructure in a public cloud and its email infrastructure in a
private cloud. The company needs to deploy hosted DLP Network Prevent servers to monitor web
and email traffic. The company deploys the solution using the default installed certificates. Which
risk is associated with this scenario?

A. A rogue Enforce server may be loaded with certificates and used for a man-in-the-middle
attack.
B. A trusted insider may corrupt the certificates through the use of the SSLKeyTool and thereby
suspend operation of the Enforce server.
C. Knowing the file size and access attributes, a malicious adversary may delete the certificates
without administrator rights.
D. The Enforce server will be unable to differentiate communications between the network prevent
servers.

Answer: A

Explanation:

QUESTION 82
An IT operations team discovers several rogue virtual machines (VM) deployed in the cloud. The
VMs have VPN access to on-premise database and file servers containing sensitive design plans
for a new product line. The IT operations team also determines that a virus outbreak has occurred
on the network, and a gaming app is installed on multiple workstations. What must an IT
professional implement to resolve all of these issues?

A. Symantec Data Loss Prevention

B. Symantec Endpoint Protection
C. Symantec Web Gateway
D. Symantec Web security.cloud

Answer: B

Explanation:

QUESTION 83
A company plans to design and deploy a highly secure cloud infrastructure. The company
considers internal employees and partners to be trusted consumers and other parties to be
untrusted consumers. Both groups require access to separate sets of cloud services. Which cloud
architecture satisfies these requirements in the most secure way?

A. public

“Best Material, Great Results”. www.certkingdom.com 30

 850-001

B. off-premise
C. hybrid
D. community

Answer: C

Explanation:

QUESTION 84
A large defense contractor is considering using a public cloud to improve collaboration with its
critical suppliers. Guaranteed, just-in-time delivery of components is key to their continued
operation. What is the major consideration that the IT department should think about when
evaluating the cloud service provider?

A. encryption
B. resiliency
C. secure shredding
D. backup

Answer: B

Explanation:

QUESTION 85
A hospital group is building a cloud to manage collaboration on patient care across the health care
continuum. They have found that many of their professionals are on staff with other health care
organizations across geographic regions. They must offset the cost and improve collaboration
across the health care vertical. Which kind of cloud should the hospital group consider
implementing in order to meet these goals?

A. private
B. hybrid
C. community
D. metropolitan

Answer: C

Explanation:

QUESTION 86
How does Symantec Endpoint Protection (SEP) maximize VM density and performance without
impacting security?

A. SEP checks that offline VMware machines are safe before bringing them online.
B. SEP analyzes virtual system configurations to identify vulnerabilities.
C. SEP reduces the spread of malware by hardening VMware vCenter.

“Best Material, Great Results”. www.certkingdom.com 31

 850-001

D. SEP identifies malicious attacks to ESX/ESXi hypervisors without using signatures.

Answer: A

Explanation:

QUESTION 87
What are two functions of the Symantec Endpoint Protection (SEP) Virtual Image Exception tool?
(Select two.)

A. improves scan performance in a virtual desktop infrastructure (VDI) environment

B. works with USB drives and network shares on SEP clients and is enabled by default
C. allows SEP clients to bypass scanning base image files for threats, reducing disk I/O
D. works with the files that conform to the File Allocation Table (FAT) file system
E. improves CPU scanning process performance on virtual servers

Answer: A,C

Explanation:

QUESTION 88
Which cloud architecture offered by a service provider enables a consumer to utilize the Symantec
Endpoint Protection VMware Offline Scanner?

A. SaaS in a public cloud

B. PaaS in a community cloud
C. IaaS in a private cloud
D. SaaS in a hybrid cloud

Answer: C

Explanation:

QUESTION 89
A company wants to start working in the cloud. The company has tasked an IT professional with
identifying and fixing the security issues. The IT professional must solve the problem of employees
sending sensitive data both internally and externally. Which two solutions prevent sensitive data
from being compromised? (Select two.)

A. Data Loss Prevention B.PGP

B. Control Compliance Suite
C. Web Gateway
D. Antivirus

Answer: A,B

“Best Material, Great Results”. www.certkingdom.com 32

 850-001

Explanation:

QUESTION 90
Which Symantec solution do IT security professionals place in a public IaaS to provide monitoring
and log correlation functionality to other applications that are placed in both private and public
cloud infrastructures?

A. Control Compliance Suite

B. Security Information Manager
C. Web Security.cloud
D. Web Gateway

Answer: B

Explanation:

QUESTION 91
An international financial organization that must comply with both internal and regulatory
compliance policies is evaluating which applications can be moved to a public cloud infrastructure.
One of the policies is that any server running a company application must comply to OS versioning
and patching standards within four hours. Which cloud model could be utilized to meet this
requirement?

A. SaaS
B. IaaS
C. SecaaS
D. PaaS

Answer: B

“Best Material, Great Results”. www.certkingdom.com 33