L1 Question Bank


| S. No. | Topic | Questions |
|---|---|---|
| 1 | Overview of DLP – Basic Concepts | Why should a company implement data loss prevention? |
| 2 | Architecture of DLP | Which component must run on a physical server? |
| 3 | Architecture of DLP | Which database is used to store DLP incidents, users, and Enforce policies? |
| 4 | Components in DLP | Which product is used to block outgoing mobile traffic? |
| 5 | Components in DLP | What is the purpose of the File Recovery Area Location option? |
| 6 | | What action can be remediated using Network Protect? |
| 7 | | What is a benefit of Endpoint FlexResponse? |
| 8 | Working on GUI of application | Which configuration tab is used to set a role so as to view or edit a role? |
| 9 | | What type of ports are used for Network Monitor? |
| 10 | Working on GUI of application | How should the user log in to the user interface in the sysadmin role? |
| 11 | Architecture of DLP | Which product provides support for the Citrix XenApp virtualization platform? |
| 12 | Architecture of DLP | Which products can be run on virtual servers? |
| 13 | Overview of DLP – Basic Concepts | What should be considered when deploying Endpoint Prevent? |
| 14 | Infrastructure and System requirement | Which plug-in can connect to Microsoft Active Directory (AD)? |
| 15 | Feature of DLP | What are the benefits that data loss prevention solutions provide? |
| 16 | Feature of DLP | Which are considered confidential data? |
| 17 | Feature of DLP | What is a function of the Enforce Server? |
| 18 | Architecture of DLP | Which detection server requires two physical network interface cards? |
| 19 | Feature of DLP | What is the function of the Remote Indexer? |
| 20 | Working on GUI of application | Where can we check CPU Utilization, Disk Utilization, Memory Utilization in the Management console? |
| 21 | Architecture of DLP | Which file describes communications between the detection server and the agents? |
| 22 | Architecture of DLP | Which log file provides details about when policies and profiles are sent to the detection and endpoint servers from the Enforce server? |
| 23 | Architecture of DLP | Command that displays the network connection |
| 24 | | What mode does Mobile Prevent not support? |
| 25 | | Which filtering option is not supported by Mobile Prevent? |
| 26 | | What is the default value for Icap.BindAddress? |
| 27 | | How many log collection processes can run at a time? |
| 28 | Infrastructure and System requirement | Which indexer is supported by Oracle database? |
| 29 | Definition of different component in DLP | Which profile contains data from structured data |
| 30 | Definition of different component in DLP | Which profile contains a statistical model of the features (keywords)? |
| 31 | Definition of different component in DLP | Which profile contains data that has been indexed from a collection of confidential documents? |
| 32 | Working on GUI of application | How many pre-built policy templates are present in the system? |
| 33 | Working on GUI of application | What is the maximum number of characters that can be used in the name of the policy? |
| 34 | Working on GUI of application | For which data can we not use a VML policy? |
| 35 | Definition of different component in DLP | Where can you define roles in DLP? |
| 36 | Architecture of DLP | On what port does LDAP communicate with DLP? |
| 37 | Definition of different component in DLP | Which technology detects PII data? |
| 38 | Definition of different component in DLP | Which technology detects exact identities synchronized from a directory server or profiled from a database? |
| 39 | Definition of different component in DLP | Which content rule describes content using keywords, key phrases, and keyword dictionaries? |
| 40 | Definition of different component in DLP | Which policy template limits sharing of consumer information by financial institutions? |
| 41 | Working on GUI of application | How to add a rule into a policy? |
| 42 | Working on GUI of application | What is the maximum number of characters that can be used in the description of a policy component? |
| 43 | Overview of DLP – Basic Concepts | What is the first step in defining a DLP policy? |
| 44 | Components in DLP | Which of the following is *not* an advantage of MTA integration for using DLP with email? |
| 45 | Overview of DLP – Basic Concepts | Which is the most important form of protection to keep sensitive data from leaving your network? |
| 46 | Components in DLP | Discover Servers are used to scan |
| 47 | Feature of DLP | Endpoint agents CANNOT monitor data copies to what? |
| 48 | Working on GUI of application | Where can a list of disconnected Data Loss Prevention agents be found? |
| 49 | Components in DLP | Which DLP server can scan a Lotus Notes database? |
| 50 | Overview of DLP – Basic Concepts | What is the main function of DLP? |
| 51 | Components in DLP | What type of data is captured in an Indexed Document Matching (IDM) profile? |
| 52 | | Smart Response rules are: |
| 53 | | Which product quarantines or copies exposed files? |
| 54 | | Which product provides insight over data being copied to removable media? |
| 55 | | What is the main function of response rules? |
| 56 | | Endpoint response rules only occur with which detection method? |
| 57 | | In order to keep a copy of the original file in endpoint incidents, which response rule must be created and added to a policy? |
| 58 | | What does Data-In-Motion refer to? |
| 59 | | What does Data-In-Rest refer to? |
| 60 | Working on GUI of application | What does Data-In-Rest include? |
| 61 | | Which is an agent-based solution? |
| 62 | | Which protocol do Network Monitor servers monitor? |
| 63 | | Which protocol does Endpoint Server monitor? |
| 64 | | Where are the policies configured in DLP technologies? |
| 65 | | Which software components need to be deployed in order to use native SharePoint scanning available in Symantec Data Loss Prevention (DLP) 11? |
| 66 | | Which Oracle utility can be run from the Enforce box to test network connectivity between Enforce and the Oracle database? |
| 67 | | Which Network incident report indicates where employees are most often sending emails in violation of policies? |
| 68 | | Which DLP Agent task is unique to the Symantec Management Platform and is unavailable through the Enforce console? |
| 69 | | A divisional executive requests a report of all incidents generated by a particular region, summarized by department. What must be populated to generate this report? |
| 70 | | Which report helps a compliance officer understand how the company is complying with its data security policies over time? |
| 71 | | Which feature should an incident responder use to investigate where an attachment has created other violations? |
| 72 | | Which task is a Mobile Device Management solution unable to perform with regard to Symantec Data Loss Prevention for Tablets? |
| 73 | | What is the purpose of the File Recovery Area Location option? |
| 74 | | How does the Detection server receive its configuration and transmit detected incidents in DLP? |
| 75 | | When confidential data is found on an Endpoint file system during a scan, which reporting section will include the incidents? |
| 76 | | What is an advantage of using a Dashboard report? |
| 77 | | When should a policy be configured to block network transmissions? |
| 78 | | Based on a Vector Machine Learning (VML) profile, what must be exceeded in order for a match to be detected and an incident to be generated? |
| 79 | | Which plug-in is supported for directory integration? |
| 80 | | To exclude detection on e-mails sent to a trusted business partner, you use: |
| 81 | | For what task is Directory Group Matching (DGM) used? |
| 82 | | Which automated response rule is specific to Endpoint Prevent? |
| 83 | | What value enables removable media scanning? |
| 84 | | When a policy is no longer needed, what should be done with the policy? |
| 85 | | When does an Endpoint Discover scan of a target complete? |
| 86 | | Which is a valid Scanned Content filter type for the Discover File System target? |
| 87 | | What kind of data does DLP monitor? |
| 88 | | How many keystore files can be placed in the keystore directory? |
| 89 | | What is the core function of data loss prevention? |
| 90 | | What does SPAN stand for? |
| 91 | | What is DLP Endpoint Prevent used for? |
| 92 | | What are all the parts of a DLP solution? |
| 93 | | A sequence of characters that forms a search pattern, mainly for use in pattern matching with strings, or string matching, is called? |
| 94 | | What is the first step in defining a DLP policy? |
| 95 | | What is the most defining characteristic (and important feature) of a DLP product? |
| 96 | | Which of the following is a disadvantage of MTA integration for using DLP with email? |
| 97 | | Which of the following can be monitored with a comprehensive DLP endpoint? |
| 98 | Architecture of DLP | Which port is used for communication between the endpoint and the Endpoint detection server if your product is Symantec DLP? |
| 99 | Architecture of DLP | Which port is used for communication between all Detection servers and the Enforcer server if your product is Symantec DLP? |
| 100 | | Which detection server can block file transfer protocol (FTP) requests? |
| 101 | Architecture of DLP | Which products run on the same detection server? |


| S. No. | Choice A | Choice B |
|---|---|---|
| 1 | prevent the threat of malware | ans) demonstrate regulatory compliance, protect brand and reputation |
| 2 | Endpoint Prevent | ans) Network Monitor |
| 3 | MySQL | ans) Oracle |
| 4 | Mobile Email Monitor | Network Prevent for Email |
| 5 | secure filestore of incidents and data while agents are offline | location of files quarantined through Endpoint Discover scans |
| 6 | ans) Copy, Quarantine | copy, move |
| 7 | branched decision remediation | manual file quarantine |
| 8 | ans) General tab | Incident Access tab |
| 9 | ans) Test Access Port (TAP), Switched Port Analyzer (SPAN) port | Test Access Port (TAP), Network Inspector Port (NIP) |
| 10 | sysadmin\username@domain | ans) sysadmin\username |
| 11 | ans) Endpoint Prevent | Network Discover |
| 12 | ans) Enforce, Network Prevent | Enforce, Network Monitor |
| 13 | ans) test the agent on a variety of end-user images | initially enable monitoring of the local file system |
| 14 | CSV Lookup | ans) Live LDAP Lookup |
| 15 | provides accurate measurement of encrypted outgoing email | gives insight into capacity planning for sensitive data |
| 16 | manufacturing plant locations | published press releases |
| 17 | ans) policy creation | detection of incidents |
| 18 | Network Protect | ans) Network Discover |
| 19 | to create Index Document Matching (IDM) profiles and Exact Data Matching (EDM) profiles on a remote server | ans) to create Exact Data Matching (EDM) profiles on a remote server |
| 20 | Go to System >> System reports | ans) Go to System-->Servers-->Overview and click on server to check the status. |
| 21 | ans) Aggregator0.log | Indexer0.log |
| 22 | Indexer.log | ans) VontuMonitor.log |
| 23 | net use | net stat |
| 24 | ans) response mode | incident mode |
| 25 | ans) Response Filtering | Request Filtering |
| 26 | ans) 0.0.0.0 | 192.168.1.1 |
| 27 | ans) 1 | 2 |
| 28 | ans) SQL Preindexer | Remote EDM Indexer |
| 29 | ans) Exact Data Profile | Indexed Document Profile |
| 30 | Exact Data Profile | Indexed Document Profile |
| 31 | Exact Data Profile | ans) Indexed Document Profile |
| 32 | ans) 65 | 50 |
| 33 | ans) 256 | 216 |
| 34 | ans) Personally Identifiable Information (PII) | product formulas |
| 35 | ans) System > Login Management > Roles | System > Settings > General |
| 36 | ans) 389 | 80 |
| 37 | Indexed Document Matching (IDM) | ans) Exact Data Matching (EDM) |
| 38 | Indexed Document Matching (IDM) | Exact Data Matching (EDM) |
| 39 | Content Matches Regular Expression | Content Matches Data Identifier |
| 40 | Sarbanes-Oxley | ans) Gramm-Leach-Bliley |
| 41 | Manage > Policies > Policy List > Configure Policy – Edit Rule | ans) Manage > Policies > Policy List > Configure Policy – Add Rule |
| 42 | ans) 255 | 256 |
| 43 | Identify the users (including groups and roles) and how the policy will apply | Determine network channels to protect (e.g. IM, email, Web) |
| 44 | Automatic encryption based on content (when integrated with an email encryption tool) | ans) Internal email monitoring and enforcement |
| 45 | Hardened file servers | Encryption |
| 46 | Endpoint Laptops and Desktops and emails | ans) File Share Server and Sharepoint |
| 47 | CD/DVD | ans) network shares |
| 48 | System Overview | Health and Status report |
| 49 | Network Monitor | ans) Discover Server |
| 50 | to archive data | to transfer important data |
| 51 | ans) Unstructured Data | Structured Data |
| 52 | Executed automatically | Based on conditions |
| 53 | Network Discover | Endpoint Prevent |
| 54 | Network Prevent | Network Discover |
| 55 | To respond to email alerts from the system | ans) To tell the system what to do when an incident is detected |
| 56 | EDM | IDM |
| 57 | ans) Limit Incident File Retention | Limit Incident Data Retention |
| 58 | ans) Data transmitted across a network | Data stored on computers |
| 59 | ans) Data stored on computers | Data transmitted across a network |
| 60 | End-user workstations, laptops and servers | Data transmitted across a network |
| 61 | ans) Data-In-use | Data-At-rest |
| 62 | ans) SMTP | Printer |
| 63 | ans) Clipboard | SMTP |
| 64 | ans) Enforcer | Network Monitor |
| 65 | SharePoint scanner on a SharePoint WFE(web front-end) server and a secure credential file containing authentication information | Network Discover Web Scanner installed on a SharePoint WFE (web front-end) 2007/2010 and SharePoint indexing server |
| 66 | rconfig | ans) sqlplus |
| 67 | Location Summary | Status by Target |
| 68 | Change Endpoint server | Restart agent |
| 69 | remediation attributes | sender correlations |
| 70 | ans) Policy Trend report, summarized by policy, then quarter | Policy Trend report, summarized by policy, then severity |
| 71 | ans) Report Filters | Incident History |
| 72 | ans) Diagnose and test interoperability of VPN clients. | Push user and proxy root certificates. |
| 73 | secure filestore of incidents and data while agents are offline | location of files quarantined through Endpoint Discover scans |
| 74 | The Detection server receives configuration information from Enforce and persists incidents directly to the Oracle database. | ans) The Detection server receives configurations from the Enforce server and persists incidents to the Enforce server. |
| 75 | Network Incident reports | Endpoint Incident reports |
| 76 | Incident responders can view correlations across multiple products | ans) They allow incidents to be viewed across multiple products. |
| 77 | once the policy has been defined and configured | once the policy baseline risk snapshot is established |
| 78 | ans) The Similarity Score | The Similarity Threshold |
| 79 | CSV | ans) Glade |
| 80 | Detection rules | Response rules |
| 81 | To resolve custom attributes for groups | ans) To match AD groups to policies |
| 82 | Quarantine | Copy File |
| 83 | 0 | ans) 1 |
| 84 | Rewrite it to include detections that are current | Export it for future use |
| 85 | After each agent receives the target scan info | After the default time threshold |
| 86 | Read ACL filter | Metadata filter |
| 87 | Email only | web only |
| 88 | ans) 1 | 2 |
| 89 | DLP is used to backup and protect confidential data and regulatory compliance. | ans) It is used to monitor and prevent confidential data and enforce regulatory compliance. |
| 90 | ans) Switched Port Analyser. | State Policy Action Network |
| 91 | To protect endpoint machines from malicious and destructive programs. | It is used for files and folders permission control. |
| 92 | ans) Policy Enforcer, Email Prevent, Web Prevent, Endpoint Prevent, Network Discover, | Enforcer, Email gateway, Web Gateway, Endpoint Prevent. |
| 93 | ans) Regular Expression. | Variable to accommodate input. |
| 94 | Identify the users (including groups and roles) and how the policy will apply | Determine network channels to protect (e.g. IM, email, Web) |
| 95 | Network protocol coverage | ans) Deep content analysis |
| 96 | Automatic encryption based on content (when integrated with an email encryption tool) | ans) Internal email monitoring and enforcement |
| 97 | Network activity, URL Filtering | ans) USB, Cut/paste Activity, Printing |
| 98 | Port 8080 | Port 8100 |
| 99 | Port 8080 | ans) Port 8100 |
| 100 | Network Monitor Server | FTP Prevent Server |
| 101 | ans) Network Protect and Network Discover | Endpoint Discover and Network Discover |


| S. No. | Choice C | Choice D |
|---|---|---|
| 1 | protect the CISO from liability due to a security breach | prevent employee malicious activity |
| 2 | Enforce | Network Prevent |
| 3 | IBM DB2 | SAP |
| 4 | ans) Mobile Prevent | Network Discover |
| 5 | ans) temporary backup location of blocked files | location of files marked for retention after deleting incidents |
| 6 | block, quarantine | move, block |
| 7 | ans) automated encryption | end user cancel |
| 8 | Policy Management tab | Users tab |
| 9 | Test Access Port (TAP), Cisco Remote Analyzer | Physical Port Analyzer, Switched Port Analyzer (SPAN) port |
| 10 | domain\username | sysadmin\username\domain |
| 11 | NetworkProtect | Network Prevent |
| 12 | Endpoint Prevent, Network Prevent | Endpoint Discover, Network Prevent |
| 13 | enable monitoring of many destinations and protocols simultaneously | configure blocking as soon as the agents are deployed |
| 14 | Active Directory Integration Lookup | Directory Server Lookup |
| 15 | ans) identifies who has access to sensitive data and where it is being sent | measures encryption strength for sensitive data |
| 16 | stock performance history | ans) employee health information |
| 17 | identification of confidential data in repositories | inspection of network communication |
| 18 | Endpoint Discover | Network Monitor |
| 19 | to create policy templates on a remote server | to create Index Document Matching (IDM) profiles on a remote server |
| 20 | Go to System >> Agents | Go to System >> Incident Data |
| 21 | BoxMonitor0.log | PacketCapture.log |
| 22 | FileReader.log | BoxMonitor0.log |
| 23 | net time | net share |
| 24 | detection mode | block mode |
| 25 | Incident filtering | log filtering |
| 26 | 127.0.0.0 | 10.1.1.1 |
| 27 | 3 | 4 |
| 28 | EDM Indexer | Oracle Indexer |
| 29 | Vector Machine Learning Profile | User Profile |
| 30 | ans) Vector Machine Learning Profile | User Profile |
| 31 | Vector Machine Learning Profile | User Profile |
| 32 | 75 | 85 |
| 33 | 250 | 200 |
| 34 | patient records | financial documents |
| 35 | System > Agents > Agent Configuration | System > Servers > Overview |
| 36 | 21 | 8080 |
| 37 | Described Content Matching(DCM) | Directory Group Matching(DGM) |
| 38 | Described Content Matching(DCM) | ans) Directory Group Matching(DGM) |
| 39 | ans) Content Matches Keyword | Content Matches Document Signature From an Indexed Document Profile (IDM) |
| 40 | Payment Card Industry Data Security Standard | State Data Privacy |
| 41 | Manage > Policies > Policy List > Configure Policy s | Manage > Policies > Policy List |
| 42 | 100 | 60 |
| 43 | ans) Identify the content to protect and the right content analysis technique | Specify enforcement actions (e.g. block vs. alert) |
| 44 | Sending messages back to users for confirmation of content and recipients | Quarantine of messages for compliance review |
| 45 | ans) DLP | Strong passphrases |
| 46 | Endpoint Laptops and Desktops and Sharepoint | File Share Server and Emails |
| 47 | USB (for example, thumb drives) | printers/faxes |
| 48 | Incident report, sorted by agent status | ans) Agent Overview |
| 49 | Endpoint Server | Enforce Server. |
| 50 | ans) to prevent data loss | to backup data |
| 51 | Data that cannot be indexed | Encrypted Data |
| 52 | ans) Executed manually | Require scripting |
| 53 | Endpoint Discover | ans) Network Protect |
| 54 | ans) Endpoint Prevent | Endpoint Discover |
| 55 | To generate feedback from DLP users | To respond to DLP requirements |
| 56 | ans) DCM | DGM |
| 57 | Limit Endpoint Data Retention | Limit Endpoint File Retention |
| 58 | Internal and external communications | Data saved on hard drive |
| 59 | Internal and external communications | Data saved on hard drive |
| 60 | ans) Files, databases, or e-mails saved on a hard drive or server | Internal and external communications |
| 61 | Data-In-Motion | Data-In-Network |
| 62 | Clipboard | CD/DVD |
| 63 | HTTP | FTP |
| 64 | Network Discover | Endpoint Prevent |
| 65 | ans) Network Discover DLP Solution installed on a SharePoint WFE (web front-end) server | SharePoint scanner on the SharePoint database server |
| 66 | netca | rman |
| 67 | ans) Top Recipient Domains | Destination Summary |
| 68 | ans) Set log level | Pull agent logs |
| 69 | status groups | ans) custom attributes |
| 70 | Policy report, filtered on quarter, and summarized by policy | Policy report, filtered on date, and summarized by policy |
| 71 | Incident Details | Policy Matches |
| 72 | Prevent tampering with VPN profile settings. | Enforce remediation or action if a user turns off the VPN. |
| 73 | ans) temporary backup location of blocked files | location of files marked for retention after deleting incidents |
| 74 | The Detection server updates configuration changes directly to the Oracle database; all other communications are with the Enforce server. | The Detection server communicates directly with the Oracle database as well as using multicast TCP to the Enforce server. |
| 75 | ans) Discover Incident reports | Classification Incident reports |
| 76 | They can be used as work queues for incident responders. | Incident responders can see the history of each incident. |
| 77 | after smart responses have been configured into the policy | ans) after the policy has been tuned for accuracy and exceptions |
| 78 | The Similarity Profile | The Similarity Index |
| 79 | FlexResponse | Text |
| 80 | ans) Exceptions | Custom Attributes |
| 81 | To include or exclude certain groups | To enforce group login accounts |
| 82 | ans) User Cancel | Block |
| 83 | 2 | 3 |
| 84 | ans) Suspend it | Delete it |
| 85 | ans) When all agents have sent back their results | When the stop button is pushed |
| 86 | ans) Exclude filter | File Owner filter |
| 87 | ftp only | ans) Email, FTP, Web |
| 88 | 0 | 3 |
| 89 | It’s a firewall to protect from malicious programs. | |
| 90 | Spanning Network. | Standard Port Analyser. |
| 91 | ans) To monitor and prevent contents defined in DLP policies | |
| 92 | Email Prevent, Policy Enforcer, Web prevent, Endpoint Prevent, Network Scan. | Email Prevent, Policy Enforcer, MTA, Web gateway. |
| 93 | Regular String. | Pattern matching. |
| 94 | ans) Identify the content to protect and the right content analysis technique | Specify enforcement actions (e.g. block vs. alert) |
| 95 | Email integration | USB blocking |
| 96 | Sending messages back to users for confirmation of content and recipients | Quarantine of messages for compliance review |
| 97 | Images, videos | Text in form of images |
| 98 | Port 80 | ans) Port 8000 |
| 99 | Port 8000 | Port 443 |
| 100 | ans) Web Prevent Server | Endpoint Prevent Server |
| 101 | Network Discover and Network Monitor | Network Monitor and Network Prevent |
