
5V0-93.22 VMware Carbon Black Cloud Endpoint Standard Skills Questions and Answers

Questions 4

An organization is seeing a new malicious process that has not been seen before.

Which tool can be used to block this process?

Options:

A. Policy rules

B. Malware Removal

C. Certificate banned list

D. Live Response

Questions 5

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

Options:

A. Events and alerts are tagged with Carbon Black TTPs to provide context around attacks.

B. Firewall rule configurations are provided in the environment.

C. Data leakage protection (DLP) is enforced on endpoints or subsets of endpoints.

D. Customized threat feeds can be combined with other outside threat intelligence sources.

Questions 6

The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.

What is an example of a leading wildcard?

Options:

A. filemod:system32/ntdll.dll

B. filemod:system32/*ntdll.dll

C. filemod:*/system32/ntdll.dll

D. filemod:system32/ntdll.dll*

Questions 7

An administrator has determined that the following rule was the cause for an unexpected block:

[Suspected malware] [Invokes a command interpreter] [Terminate process]

All reputations for the process which was blocked show SUSPECT_MALWARE.

Which reputation was used by the sensor for the decision to terminate the process?

Options:

A. Initial Cloud reputation

B. Actioned reputation

C. Current Cloud reputation

D. Effective reputation

Questions 8

In which tab of the VMware Carbon Black Cloud interface can sensor status details be found?

Options:

A. Enforce > Policies

B. Inventory > Sensors

C. Inventory > Endpoints

D. Inventory > Sensor groups

Questions 9

Which VMware Carbon Black Cloud integration is supported for SIEM?

Options:

A. SolarWinds

B. LogRhythm

C. Splunk App

D. Datadog

Questions 10

An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

Options:

A. The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

B. The alert will show when the Dismissed filter is selected on the Alerts page, but a Notification email will not be sent.

C. The alert will show when the Not Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

D. The alert will show when the Not Dismissed filter is selected on the Alerts page, but a Notification email will not be sent.

Questions 11

A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.

What is the threshold, in days, before a machine shows as inactive?

Options:

A. 7 days

B. 90 days

C. 60 days

D. 30 days

Questions 12

An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.

Which two different methods may be used for this purpose? (Choose two.)

Options:

A. MD5 Hash

B. Signing Certificate

C. Application Path

D. Application Name

E. IT Tool

Questions 13

What is a capability of VMware Carbon Black Cloud?

Options:

A. Continuous and decentralized recording

B. Attack chain visualization and search

C. Real-time view of attackers

D. Automation via closed SOAP APIs

Questions 14

A user downloaded and executed malware on a system. The malware is actively exfiltrating data.

Which immediate action is recommended to prevent further exfiltration?

Options:

A. Check Security Advisories and Threat Research contents.

B. Place the device in quarantine.

C. Run a background scan.

D. Request upload of the file for analysis.

Questions 15

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

Options:

A. Click Enforce > Add application path name

B. Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application

C. Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation

D. Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

Questions 16

An administrator has just placed an endpoint into bypass.

What type of protection, if any, will VMware Carbon Black provide this device?

Options:

A. VMware Carbon Black will be uninstalled from the endpoint.

B. VMware Carbon Black will place the machine in quarantine.

C. VMware Carbon Black will not provide any protection to the endpoint.

D. VMware Carbon Black will apply policy rules.

Questions 17

An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.

Which advanced search will yield these results?

Options:

A. process_name:svchost.exe EXCLUDE process_name:C\:\\Windows\\System32

B. process_name:svchost.exe AND NOT process_name:C:\Windows\System32

C. process_name:svchost.exe AND NOT process_name:C\:\\Windows\\System32

D. process_name:svchost.exe EXCLUDE process_name:C:\Windows\System32

Questions 18

Is it possible to search for unsigned files in the console?

Options:

A. Yes, by using the search: NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED

B. No, it is not possible to return a query for unsigned files.

C. Yes, by using the search: process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED

D. Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.

Exam Code: 5V0-93.22
Exam Name: VMware Carbon Black Cloud Endpoint Standard Skills
Last Update: Nov 25, 2024
Questions: 60