Explanation: The security administrator can view the Live Response activities and commands that have been executed while performing a remediation process to the sensors in the Audit Log page in the VMware Carbon Black Cloud Endpoint Standard console. The Audit Log page allows the administrator to review actions performed by Carbon Black Cloud console users, such as logging in, creating policies, banning hashes, isolating devices, and initiating Live Response sessions. The administrator can use various filters and keywords to narrow down the log scope and find the relevant entries. For example, the administrator can use the following keyword to find all the Live Response activities and commands:
live-response
This keyword will return all the log entries that contain the term live-response, which indicates that the action was related to the Live Response feature. The administrator can also use the following fields to refine the search results:
- User: The name of the user who performed the action.
- Action: The type of action that was performed, such as login, create, update, delete, enable, disable, and so on.
- Object: The object that was affected by the action, such as policy, device, hash, and so on.
- Date: The date and time range when the action was performed.
The administrator can also modify the level of granularity of the log entries, expand the log scope, limit the log scope to keywords, modify the audit table configuration, and export audit logs to the local machine1.
The other options are incorrect or irrelevant. Users is a page that allows the administrator to manage the users and roles in the Carbon Black Cloud console, not to view the Live Response activities and commands. Notifications is a page that allows the administrator to view and manage the notifications from the Carbon Black Cloud console, such as alerts, recommendations, and messages, not to view the Live Response activities and commands. Inbox is a page that allows the administrator to view and manage the messages from the Carbon Black Cloud console, such as product updates, announcements, and feedback requests, not to view the Live Response activities and commands. References:
- Audit Logs - VMware Docs, Overview section.