New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium VMware 5V0-93.22 Dumps Questions Answers

Page: 1 / 5
Total 60 questions

VMware Carbon Black Cloud Endpoint Standard Skills Questions and Answers

Question 1

Which statement is true regarding Blocking/Isolation rules and Permission rules?

Options:

A.

Blocking & Isolation rules are overridden by Upload Rules.

B.

Permission Rules are overridden by Blocking & Isolation rules

C.

Upload Rules are overridden by Blocking & Isolation rules.

D.

D.Blocking & Isolation rules are overridden by Permission Rules

Buy Now
Question 2

What is a capability of VMware Carbon Black Cloud?

Options:

A.

Continuous and decentralized recording

B.

Attack chain visualization and search

C.

Real-time view of attackers

D.

Automation via closed SOAP APIs

Question 3

An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.

Which feature should the administrator leverage for this purpose?

Options:

A.

Setup a notification based on a policy action, and then select Terminate.

B.

Utilize the Test rule link from within the rule.

C.

Configure the rule to terminate the process.

D.

Configure the rule to deny operation of the process.

Question 4

The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.

What is an example of a leading wildcard?

Options:

A.

filemod:system32/ntdll.dll

B.

filemod:system32/*ntdll.dll

C.

filemod:*/system32/ntdll.dll

D.

filemod:system32/ntdll.dll*

Question 5

A user downloaded and executed malware on a system. The malware is actively exfiltrating data.

Which immediate action is recommended to prevent further exfiltration?

Options:

A.

Check Security Advisories and Threat Research contents.

B.

Place the device in quarantine.

C.

Run a background scan.

D.

Request upload of the file for analysis.

Question 6

An administrator has been tasked with preventing the use of unauthorized USB storage devices from being used in the environment.

Which item needs to be enabled in order to enforce this requirement?

Options:

A.

Enable the Block access to all unapproved USB devices within the policies option.

B.

Choose to disable USB device access on each endpoint from the Inventory page.

C.

Select the option to block USB devices from the Reputation page.

D.

Elect to approve only allowed USB devices from the USB Devices page.

Question 7

An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.

Which advanced search will yield these results?

Options:

A.

process_name:svchost.exe EXCLUDE process_name:C\:\\Windows\\System32

B.

process_name:svchost.exe AND NOT process_name:C:\Windows\System32

C.

process_name:svchost.exe AND NOT process_name:C\:\\Windows\\System32

D.

process_name:svchost.exe EXCLUDE process_name:C:\Windows\System32

Question 8

A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

Options:

A.

Endpoints

B.

Settings

C.

Investigate

D.

Alerts

Question 9

A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.

What is the threshold, in days, before a machine shows as inactive?

Options:

A.

7 days

B.

90 days

C.

60 days

D.

30 days

Question 10

Which VMware Carbon Black Cloud process is responsible for uploading event reporting to VMware Carbon Black Cloud?

Options:

A.

Sensor Service (RepUx

B.

Scanner Service (scanhost)

C.

Scanner Service (Re

D.

Sensor Service (RepMqr

Question 11

An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

Options:

A.

The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

B.

The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.

C.

The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.

D.

The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.

Question 12

An organization has the following requirements for allowing application.exe:

Must not work for any user's D:\ drive

Must allow running only from inside of the user's Temp\Allowed directory

Must not allow running from anywhere outside of Temp\Allowed

For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.

Which path meets this criteria using wildcards?

Options:

A.

C:\Users\?\Temp\Allowed\application.exe

B.

C:\Users\*\Temp\Allowed\application.exe

C.

*:\Users\**\Temp\Allowed\application.exe

D.

*:\Users\*\Temp\Allowed\application.exe

Question 13

An administrator has configured a permission rule with the following options selected:

Application at path: C:\Program Files\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path?

Options:

A.

All executable files in the "Program Files" folder and subfolders will be ignored, includingmalware files.

B.

No Files will be ignored from the "Program Files" director/, but Malware in the "Program Files" directory will continue to be blocked.

C.

Executable files in the "Program Files" folder will be blocked.

D.

Only executable files in the "Program Files" folder will be ignored, includingmalware files.

Question 14

An administrator has determined that the following rule was the cause for an unexpected block:

[Suspected malware] [Invokes a command interpreter] [Terminate process]

All reputations for the process which was blocked show SUSPECT_MALWARE.

Which reputation was used by the sensor for the decision to terminate the process?

Options:

A.

Initial Cloud reputation

B.

Actioned reputation

C.

Current Cloud reputation

D.

Effective reputation

Question 15

A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.

Where can the administrator view this information in the console?

Options:

A.

Users

B.

Audit Log

C.

Notifications

D.

Inbox

Question 16

A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.

What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

Options:

A.

Perform a custom search on the Endpoint Page.

B.

Access the Audit Log content to see associated events.

C.

Search for specific malware byhash or filename.

D.

Enable cloud analysis.

Question 17

What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?

Options:

A.

TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)

B.

TCP/80 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)

C.

TCP/443 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)

D.

TCP/80 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)

Question 18

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

Options:

A.

A flexible query scheduler that can be used to gather information about the environment

B.

Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems

C.

Customizable threat feeds that plug into a single agent and single console

D.

Policy rules that can be tested by selecting test rule next to the desired operation attempt

Page: 1 / 5
Total 60 questions