VMware 5V0-93.22 Exam With Confidence Using Practice Dumps

The security administrator can view the Live Response activities and commands that have been executed while performing a remediation process to the sensors in the Audit Log page in the VMware Carbon Black Cloud Endpoint Standard console. The Audit Log page allows the administrator to review actions performed by Carbon Black Cloud console users, such as logging in, creating policies, banning hashes, isolating devices, and initiating Live Response sessions. The administrator can use various filters and keywords to narrow down the log scope and find the relevant entries. For example, the administrator can use the following keyword to find all the Live Response activities and commands:

live-response

This keyword will return all the log entries that contain the term live-response, which indicates that the action was related to the Live Response feature. The administrator can also use the following fields to refine the search results:

• User: The name of the user who performed the action.
• Action: The type of action that was performed, such as login, create, update, delete, enable, disable, and so on.
• Object: The object that was affected by the action, such as policy, device, hash, and so on.
• Date: The date and time range when the action was performed.

The administrator can also modify the level of granularity of the log entries, expand the log scope, limit the log scope to keywords, modify the audit table configuration, and export audit logs to the local machine1.

The other options are incorrect or irrelevant. Users is a page that allows the administrator to manage the users and roles in the Carbon Black Cloud console, not to view the Live Response activities and commands. Notifications is a page that allows the administrator to view and manage the notifications from the Carbon Black Cloud console, such as alerts, recommendations, and messages, not to view the Live Response activities and commands. Inbox is a page that allows the administrator to view and manage the messages from the Carbon Black Cloud console, such as product updates, announcements, and feedback requests, not to view the Live Response activities and commands. References:

• Audit Logs - VMware Docs, Overview section.

VMware Carbon Black Cloud is a cloud-native endpoint and workload protection platform that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. One of the capabilities of VMware Carbon Black Cloud is attack chain visualization and search, which allows users to see the full scope of an attack, from initial compromise to lateral movement, and quickly search for indicators of compromise across endpoints and workloads. References: VMware Carbon Black Cloud Endpoint Standard Skills Exam Guide, page 4; VMware Carbon Black Cloud Endpoint Standard Skills Study Guide, page 6.

 To prevent the use of unauthorized USB storage devices, the administrator needs to enable the USB Device Control feature in the VMware Carbon Black Cloud Endpoint Standard. This feature allows the administrator to approve or block specific USB devices based on their vendor ID, product ID, serial number, and device type. The administrator can also set a default action for unapproved USB devices, such as block, read-only, or allow. The administrator can manage the USB devices from the USB Devices page under the Settings menu. From this page, the administrator can view the list of USB devices that have been detected by the endpoints, and elect to approve only the allowed USB devices. The administrator can also export or import the list of approved USB devices for backup or replication purposes. References:

• VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 4: USB Device Control, pages 4-1 to 4-9.
• VMware Carbon Black Cloud Endpoint Standard User Guide, Chapter 11: USB Device Control, pages 147-152.