An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command. How is it possible that the search returned results?
A) The search runs and returns results in ATP and then displays them in SEPM.
B) This is only an endpoint search.
C) This is a database search; a command is NOT sent to SEPM for this type of search.
D) The browser cached result from a previous search with the same criteria.