
250-587 Symantec Data Loss Prevention 16.x Administration Technical Specialist Free Practice Exam Questions (2026 Updated)

Prepare effectively for your Symantec 250-587 Symantec Data Loss Prevention 16.x Administration Technical Specialist certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2026, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 1 / 2
Total 100 questions

Which of the following actions can you implement ONLY as a Smart Response rule (and not as an automated response rule)?

A. All: Limit Incident Data Retention
B. Network Protect: SharePoint Release From Quarantine
C. All: Set Attribute
D. All: Add Note

Which two (2) detection technology options run on the DLP agent? (Choose two.)

A. Indexed Document Matching (IDM)
B. Directory Group Matching (DGM)
C. Described Content Matching (DCM)
D. Optical Character Recognition (OCR)
E. Form Recognition

An administrator is unable to log in to the Enforce management console as “sysadmin”. Symantec DLP is configured to use Active Directory authentication. The administrator is a member of two roles: “sysadmin” and “remediator.”

How should the administrator log in to the Enforce console with the “sysadmin” role?

A. sysadmin\username
B. sysadmin\username@domain
C. domain\username
D. username\sysadmin

A DLP administrator needs to remove an agent and its associated events from an Endpoint server.

Which Agent Task should the administrator perform to disable the agent’s visibility in the Enforce management console?

A. Delete action from the Agent Health dashboard
B. Delete action from the Agent List page
C. Disable action from Symantec Management Console
D. Change Endpoint Server action from the Agent Overview page

A DLP administrator has enabled and successfully tested custom attribute lookups for incident data based on the Active Directory LDAP plugin. The Chief Information Security Officer (CISO) has attempted to generate a User Risk Summary report, but the report is empty. The DLP administrator confirms the CISO’s role has the “User Reporting” privilege enabled, but User Risk reporting is still not working.

What is the probable reason that the User Risk Summary report is blank?

A. Only DLP administrators are permitted to access and view data for high risk users.
B. The Enforce server has insufficient permissions for importing user attributes.
C. User attribute data must be configured separately from incident data attributes.
D. User attributes have been incorrectly mapped to Active Directory accounts.

Which option correctly describes the two-tier installation type for Symantec DLP?

A. Install the Oracle database on the host, and install the Enforce server and a detection server on a second host.
B. Install the Oracle database on a local physical host, and install the Enforce server and detection servers on virtual hosts in the Cloud.
C. Install the Oracle database and a detection server in the same host, and install the Enforce server on a second host.
D. Install the Oracle database and Enforce server on the same host, and install detection servers on separate hosts.

Which product is able to replace a confidential document residing on a file share with a marker file explaining why the document was removed?

A. Network Discover
B. Cloud Service for Email
C. Endpoint Prevent
D. Network Protect

A customer needs to integrate information from DLP incidents into external Governance, Risk and Compliance dashboards.

Which feature should a third party component integrate with to provide dynamic reporting, create custom incident remediation processes, or support business processes?

A. Export incidents using the CSV format
B. Incident Reporting and Update API
C. Incident Data Views
D. A Web incident extraction report

How should a DLP administrator exclude a custom endpoint application named “custom_app.exe” from being monitored by Application File Access Control?

A. Add “custom_app.exe” to the “Program Exclusion List” in the agent configuration settings.
B. Add “custom_app.exe” to the “Application Whitelist” on all Endpoint servers.
C. Add a “custom_app.exe” Application Monitoring Configuration and de-select all its channel options.
D. Add “custom_app.exe” as a filename exception to the Endpoint Prevent policy.

What detection technology supports partial row matching?

A. Vector Machine Learning (VML)
B. Indexed Document Matching (IDM)
C. Described Content Matching (EDM)
D. Exact Data Matching (EDM)

What is the default fallback option for the Endpoint Prevent Encrypt response rule?

A. Block
B. User Cancel
C. Encrypt
D. Notify

A divisional executive requests a report of all incidents generated by a particular region, summarized by department.

What does the DLP administrator need to configure to generate this report?

A. Custom attributes
B. Status attributes
C. Sender attributes
D. User attributes

What detection technology supports partial contents matching?

A. Indexed Document Matching (IDM)
B. Described Content Matching (DCM)
C. Exact Data Matching (DCM)
D. Optical Character Recognition (OCR)

Which two DLP products support the new Optical Character Recognition (OCR) engine in Symantec DLP 15.0? (Choose two.)

A. Endpoint Prevent
B. Cloud Service for Email
C. Network Prevent for Email
D. Network Discover
E. Cloud Detection Service

A DLP administrator created a new agent configuration for an Endpoint server. However, the endpoint agents fail to receive the new configuration.

What is one possible reason that the agent fails to receive the new configuration?

A. The new agent configuration was saved but not applied to any endpoint groups.
B. The new agent configuration was copied and modified from the default agent configuration.
C. The default agent configuration must be disabled before the new configuration can take effect.
D. The Endpoint server needs to be recycled so that the new agent configuration can take effect.

Which two (2) DLP products support Optical Character Recognition (OCR)? (Choose two.)

A. Network Discover
B. Endpoint Prevent
C. Network Prevent for Email
D. Endpoint Discover
E. Information Centric Analytics

Which two components can perform a file system scan of a workstation? (Choose two.)

A. Endpoint Server
B. DLP Agent
C. Network Prevent for Web Server
D. Discover Server
E. Enforce Server

A DLP administrator has added several approved endpoint devices as exceptions to an Endpoint Prevent policy that blocks the transfer of sensitive data. However, data transfers to these devices are still being blocked.

What is the first action an administrator should take to enable data transfers to the approved endpoint devices?

A. Disable and re-enable the Endpoint Prevent policy to activate the changes
B. Double-check that the correct device ID or class has been entered for each device
C. Verify Application File Access Control (AFAC) is configured to monitor the specific application
D. Edit the exception rule to ensure that the “Match On” option is set to “Attachments”

A DLP administrator needs to remove an agent and its associated events from an Endpoint server.

Which Agent Task should the administrator perform to disable the agent’s visibility in the Enforce management console?

A. Delete action from the Agent List page
B. Disable action from Symantec Management Console
C. Change Endpoint Server action from the Agent Overview page
D. Delete action from the Agent Health dashboard

A DLP administrator is testing Network Prevent for Web functionality. When the administrator posts a small test file to a cloud storage website, no new incidents are reported.

What should the administrator do to allow incidents to be generated against this file?

A. Change the “Ignore Requests Smaller Than” value to 1
B. Add the filename to the Inspect Content Type field
C. Change the “PacketCapture.DISCARD_HTTP_GET” value to “false”
D. Uncheck trial mode under the ICAP tab

Copyright © 2014-2026 Solution2Pass. All Rights Reserved