VMware Carbon Black Cloud Endpoint Standard Skills Questions and Answers
Question 17
What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?
Options:
A.
TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
B.
TCP/80 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
C.
TCP/443 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
D.
TCP/80 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
Answer:
A
Explanation:
Explanation:
The connectivity that is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation is TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com). Sensor Certificate Validation is a feature that allows the Carbon Black Cloud agent to verify the authenticity and validity of the certificates used by the Carbon Black Cloud services. This feature enhances the security and trust of the communication between the agent and the cloud. To perform Sensor Certificate Validation, the agent needs to access the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) services provided by GoDaddy, the certificate authority that issues the certificates for Carbon Black Cloud. These services use the HTTPS protocol, which runs on port 443. Therefore, the agent needs to have TCP/443 connectivity to the GoDaddy OCSP and CRL URLs, which are crl.godaddy.com and ocsp.godaddy.com12.
The other options are incorrect because they do not specify the correct protocol, port, or URLs for Sensor Certificate Validation. TCP/80 is the port for HTTP, not HTTPS, and it is not used by the OCSP and CRL services. GoDaddy CRL URL is only one of the two URLs that the agent needs to access, the other one is GoDaddy OCSP URL. References:
VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 1: Introduction, page 1-8.
VMware Carbon Black Cloud Endpoint Standard User Guide, Chapter 2: Sensor Installation, page 17.
Question 18
What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?
Options:
A.
A flexible query scheduler that can be used to gather information about the environment
B.
Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems
C.
Customizable threat feeds that plug into a single agent and single console
D.
Policy rules that can be tested by selecting test rule next to the desired operation attempt
Answer:
B
Explanation:
Explanation:
A security benefit of VMware Carbon Black Cloud Endpoint Standard is that it provides visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems. Endpoint Standard uses behavioral analytics to detect and prevent malicious activity on endpoints, and also collects comprehensive event data that can be used to investigate and respond to incidents. Endpoint Standard also allows administrators to customize their threat intelligence feeds and alerts, and integrate with other security tools and platforms. This way, administrators can gain a deeper understanding of the threats facing their organization and take appropriate actions to mitigate them. The other options are incorrect because they are not security benefits of Endpoint Standard. Option A is incorrect because a flexible query scheduler is a feature of VMware Carbon Black Audit and Remediation, not Endpoint Standard. Option C is incorrect because customizable threat feeds are a feature of VMware Carbon Black Enterprise EDR, not Endpoint Standard. Option D is incorrect because policy rules that can be tested by selecting test rule next to the desired operation attempt are a feature of VMware Carbon Black App Control, not Endpoint Standard. References: VMware Carbon Black Cloud Endpoint Standard Datasheet, Carbon Black Cloud Endpoint Standard - Technical Overview
