Use this quick start guide to collect all the information about the Broadcom Endpoint Security Complete Technical Specialist (250-580) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the 250-580 Symantec Endpoint Security Complete - R2 Technical Specialist exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will familiarize you with the format and environment of the exam. You should read this guide carefully before attempting your actual Broadcom Endpoint Security Complete Technical Specialist certification exam.
The Broadcom Endpoint Security Complete Technical Specialist certification is mainly targeted at candidates who want to build their career in the Endpoint Security domain. The Broadcom Endpoint Security Complete - R2 Technical Specialist exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Broadcom Endpoint Security Complete Technical Specialist.
Broadcom Endpoint Security Complete Technical Specialist Exam Summary:
Exam Name | Broadcom Endpoint Security Complete - R2 Technical Specialist |
Exam Code | 250-580 |
Exam Price | $250 (USD) |
Duration | 180 mins |
Number of Questions | 150 |
Passing Score | 70% |
Books / Training | Endpoint Protection 14.x Administration R1; Endpoint Protection 14.2 Maintain and Troubleshoot; Endpoint Detection and Response 4.x Planning, Implementation and Administration R1 |
Schedule Exam | Broadcom |
Sample Questions | Broadcom Endpoint Security Complete Technical Specialist Sample Questions |
Practice Exam | Broadcom 250-580 Certification Practice Exam |
Broadcom 250-580 Exam Syllabus Topics:
Topic | Details |
---|---|
Introduction to Symantec Endpoint Security Complete | - Understand SES Complete Architecture. - Describe the benefits of SES Complete Cloud-based management. - Describe the various methods for enrolling SES endpoint agents. |
Configuring SES Complete Security Controls | - Understand how policies are used to protect endpoint devices. - Understand the Threat landscape and the MITRE ATT&CK Framework. - Describe how SES Complete can be used in preventing an attacker from accessing the environment. - Describe how SES Complete prevents threat execution. - Describe how SES Complete prevents threat persistence. - Describe how SES Complete prevents privilege escalation. - Describe how SES Complete prevents defense evasion. - Describe how SES Complete prevents device discovery. - Describe how SES Complete blocks Command & Control communication. - Describe how SES Complete works to block data exfiltration. - Describe SES Complete content update types and how they are distributed to endpoints. - Describe SES Complete policy versioning and its use. |
Responding to Threats with ICDm | - Describe the ICDm security control dashboards and their use. - Understand how ICDm is used to identify threats in the environment. - Describe the incident lifecycle and steps required to identify a threat. - Describe the ways in which ICDm can be used to remediate threats. - Describe how to use ICDm to configure administrative reports. |
Endpoint Detection and Response | - Describe the requirements to enable Endpoint Detection and Response in the ICDm management console. - Describe how EDR assists in identifying suspicious and malicious activity. - Describe how EDR aids in investigating potential threats. - Describe the configuration and use of the Endpoint Activity Recorder. - Understand the use of LiveShell for incident response. - Describe how to use EDR to retrieve and submit files for analysis. - Describe how EDR can be used to quarantine endpoint devices. - Describe how EDR can be used to block and quarantine suspicious files. |
Attack Surface Reduction | - Describe Behavior Prevalence and the use of the SES Complete Behavioral Insights and Policy Tuning Widget. - Describe how the SES Complete Heatmap can be used to prevent unwanted application behaviors. - Describe SES Complete policy adaptations and behavioral tuning. - Describe the SES Complete policy and device groups and how they are used. - Describe the requirements to enable App Control in the ICDm management console. - Describe the process of monitoring drift to further tune App Control policies. |
Mobile and Modern Device Security | - Describe the requirements to enable Network Integrity in the ICDm management console. - Describe Network Integrity Policy Configuration and its use. - Describe how Network Integrity works to remediate threats. - Describe how SES Complete's mobile technologies protect against malicious apps. - Describe how SES Complete's mobile technologies protect against malicious networks. |
Threat Defense for Active Directory | - Describe the requirements for Threat Defense for Active Directory Installation and Configuration. - Describe the Threat Defense Active Directory policy and its use. - Describe how Threat Defense for Active Directory is used to identify threats. - Describe how Threat Defense for Active Directory protects against misconfigurations and vulnerabilities in an environment. |
Working with a Hybrid Environment | - Describe the process for policy migration from SEPM to the ICDm console. - Describe policy precedence in a hybrid configuration. - Understand how Sites and Replication are impacted in a Hybrid environment. - Describe the requirements and process for SEPM integration with the ICDm platform used in a SES Complete Hybrid architecture. |
Architecting and Sizing the SEP Implementation | - Describe the Symantec Endpoint Protection components - Determine proper placement for GUP, SEPM, and LUA for communication and content deployment |
Preventing File-Based Attacks with SEP Layered Security | - Explain common threats and security risks to the endpoint |
Managing Client Architecture and Active Directory Integration | - Explain how policies and concepts relate to the Symantec Endpoint Protection architecture - Describe how to configure communication, general, and security settings |
Managing Client-to-Server Communication | - Identify how to verify client connectivity and find clients in the console |
Introducing Content Updates Using LiveUpdate | - Describe how to configure LiveUpdate policies |
Managing Security Exceptions | - Describe when and how to configure exceptions - Explain the remediation actions for infected files |
Preventing Attacks with SEP Layered Security | - Describe how protection technologies interact and their dependencies - Describe how to customize Firewall, Intrusion Prevention and Application and Device Control policies |
Securing Windows Clients | - Describe how to configure scheduled and on-demand scans - Describe how to configure Auto-Protect for file systems/email clients - Describe how to configure Insight and Download Insight - Describe how to configure SONAR |
Protecting Against Network Attacks and Enforcing Corporate Policies using the Firewall Policy | - Describe how to configure the Firewall policy |
Blocking Network Threats with Intrusion Prevention | - Describe how to configure Intrusion Prevention policies |
Controlling Application and File Access and Restricting Device Access for Windows and Mac Clients | - Describe how to configure Application and Device Control policies |
Installing the Symantec Endpoint Protection Manager | - Explain when to install additional Symantec Endpoint Protection Managers and sites |
Managing Replication and Failover | - Describe how to edit server and site properties |
Benefiting from a SEPM Disaster Recovery Plan | - Explain the procedures for Symantec Endpoint Protection database management, backup, restore and Symantec Endpoint Protection disaster recovery |
Monitoring the Environment and Responding to Threats | - Describe how to create, view, and manage notifications |
Managing Console Access and Delegating Authority | - Describe how to manage administrator accounts and delegation of roles |
Endpoint Detection and Response - Architecting and Sizing | - Given a scenario, demonstrate knowledge of SEDR Architecture and Sizing considerations. - Describe the capabilities and functions of Symantec EDR. |
Implementation | - Given a scenario, define the discrete components found within SEDR. - Describe installation prerequisites, minimum solution configuration and installation procedures required to identify threats. |
Detecting Threats | - Describe installation prerequisites, minimum solution configuration and installation procedures required to identify threats. - Describe the challenges faced when threat hunting in the environment and their resultant business objectives. |
Investigating Threats | - Describe the methods used to identify evidence of suspicious and malicious activity. - Describe the various types of Indicators of Compromise (IoC) found in a typical environment. - Describe the methods used to search for IoCs using SEDR. |
Responding to Threats | - Describe the methods SEDR uses to respond to threats in a typical environment. - Describe installation prerequisites, minimum solution configuration and installation procedures required to isolate threats. |
Reporting on Threats | - Describe the methods used to create post incident reports and the benefits to forensic analysis it provides. - Given a scenario, determine the appropriate method to create a post incident report using SEDR. |
To ensure success in the Broadcom Endpoint Security Complete Technical Specialist certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the Symantec Endpoint Security Complete - R2 Technical Specialist (250-580) exam.