Prev Question
Next Question

An Incident Responder launches a search from ATP for a file hash. The search returns the results immediately. The responder reviews the Symantec Endpoint
Protection Manager (SEPM) command status and does NOT see an indicators of compromise (IOC) search command.
How is it possible that the search returned results?

A. The search runs and returns results in ATP and then displays them in SEPM.

B. This is only an endpoint search.

C. This is a database search; a command is NOT sent to SEPM for this type of search.

D. The browser cached result from a previous search with the same criteria.


Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *