VMware 5V0-91.20 - VMware Carbon Black Portfolio Skills Exam

Page:    1 / 12   
Total 56 questions

An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following:


What is the status of the WINDOWS-CLIENT agent?

  • A. Connected and Up to date
  • B. Disconnected and Up to date
  • C. Connected but unsupported
  • D. Connected but health check failed


Answer : B

There is a need to ignore all activity at an application path.
Which rule definition should be used to address this need?

  • A. Application at Path, Performs any operation, Bypass
  • B. Application at Path, Runs or is Running, Bypass
  • C. Application at Path, Runs or is Running, Allow & Log
  • D. Application at Path, Performs any operation, Allow & Log


Answer : A

Reference:
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Console-How-to-Set-up-Exclusions-in-the/ta-p/42334

An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)

  • A. Ignore alert
  • B. Dismiss
  • C. Dismiss on all devices if grouping is enabled
  • D. Edit watchlist
  • E. Save report
  • F. Notifications history


Answer : BCE

Reference:
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Dismiss-Alerts/ta-p/51766

An administrator needs to manage a group of sensors from within the console.
Which three actions are available for sensors within the Sensor Group? (Choose three.)

  • A. Move to group
  • B. Disable
  • C. Restart
  • D. Ban
  • E. Uninstall
  • F. Share Settings


Answer : ACE

Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjttoeA3ILvAhU6QhUIHZaND-YQFjAAegQIARAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F3020%2F1%2FCB_EDR_7.3_User_Guide.pdf&usg=AOvVaw23smt4s66MWHdv9jM2PYF-

An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.
Which rule will kill notepad.exe entirely if this activity is detected in the future?

  • A. **\system32\notepad.exe --> Communicates over the network --> Terminate process
  • B. **\system32\notepad.exe --> Runs or is Running --> Deny operation
  • C. **/system32/notepad.exe --> Runs or is Running --> Terminate process
  • D. **/system32/notepad.exe --> Communicates over the network --> Deny operation


Answer : C

Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj88fL33YLvAhVQRhUIHYbdDxAQFjABegQIARAD&url=https%3A%2F%2Fwww.carbonblack.com%2Fblog%2Fcb-threatsight-investigation-reveals-retadup-worm-leverages-autoit-launch-monero-cryptomining-campaign%2F&usg=AOvVaw0De3tmD7FlQSs8VNMVsH7u
