5V0-93.22 Exam Dumps : VMware Carbon Black Cloud Endpoint Standard Skills

Placing the device in quarantine is the recommended immediate action to prevent further exfiltration of data by the malware. Quarantine is a feature of VMware Carbon Black Cloud Endpoint Standard that allows you to isolate a device from the network, preventing any communication with other devices or external servers. This can help contain an active threat and prevent further damage. You can quarantine a device from the Devices page or from the Device Summary page. You can also unquarantine a device when the threat is resolved. References:

• VMware Carbon Black Cloud Endpoint Standard - On Demand, Module 5: Responding to Threats, Lesson 2: Quarantine a Device, slide 5.
• VMware Carbon Black Cloud Endpoint Standard, page 11, Quarantine a Device.

• The connectivity that is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation is TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com). Sensor Certificate Validation is a feature that allows the Carbon Black Cloud agent to verify the authenticity and validity of the certificates used by the Carbon Black Cloud services. This feature enhances the security and trust of the communication between the agent and the cloud. To perform Sensor Certificate Validation, the agent needs to access the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) services provided by GoDaddy, the certificate authority that issues the certificates for Carbon Black Cloud. These services use the HTTPS protocol, which runs on port 443. Therefore, the agent needs to have TCP/443 connectivity to the GoDaddy OCSP and CRL URLs, which are crl.godaddy.com and ocsp.godaddy.com12.
• The other options are incorrect because they do not specify the correct protocol, port, or URLs for Sensor Certificate Validation. TCP/80 is the port for HTTP, not HTTPS, and it is not used by the OCSP and CRL services. GoDaddy CRL URL is only one of the two URLs that the agent needs to access, the other one is GoDaddy OCSP URL. References:
• VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 1: Introduction, page 1-8.
• VMware Carbon Black Cloud Endpoint Standard User Guide, Chapter 2: Sensor Installation, page 17.

The path that meets the criteria for allowing application.exe using wildcards is :\Users*\Temp\Allowed\application.exe. This path specifies that the executable file can run only from inside of the user’s Temp\Allowed directory, regardless of the drive letter or the user name. The wildcards used in this path are:

• *: Matches any single character or no character at all. For example, *:\ matches any drive letter, such as C:, D:, or E:.
• **: Matches a partial path across all subdirectory levels and is recursive. For example, \Users**\ matches any subdirectory under the Users directory, such as \Users\Lorie, \Users\John, or \Users\Alice\Documents.

The other paths do not meet the criteria for allowing application.exe using wildcards. A. C:\Users?\Temp\Allowed\application.exe does not allow running from any drive other than C:, and it only matches a single character for the user name, which may not be sufficient. B. C:\Users*\Temp\Allowed\application.exe does not allow running from any drive other than C:, and it may match more than one character for the user name, which may not be desired. D. *:\Users*\Temp\Allowed\application.exe allows running from any drive, but it may match more than one character for the user name, which may not be desired. References:

• Carbon Black Cloud: How to Use Wildcards in Policy Rules - Carbon Black Community, Wildcard Description table.