Posted by: Pdfprep
Post Date: January 29, 2021
An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command.
How is it possible that the search returned results?
A. The search runs and returns results in ATP and then displays them in SEP.
C. This is only an endpoint search.
D. This is a database search; a command is NOT sent to SEPM for this type of search.
E. The browser cached result from a previous search with the same criteria.
Answer: A