New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

VMware 5V0-93.22 VMware Carbon Black Cloud Endpoint Standard Skills Exam Practice Test

Page: 1 / 6
Total 60 questions

VMware Carbon Black Cloud Endpoint Standard Skills Questions and Answers

Question 1

An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

Options:

A.

The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

B.

The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.

C.

The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.

D.

The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.

Question 2

An organization has the following requirements for allowing application.exe:

Question # 2Must not work for any user's D:\ drive

Question # 2Must allow running only from inside of the user's Temp\Allowed directory

Question # 2Must not allow running from anywhere outside of Temp\Allowed

For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.

Which path meets this criteria using wildcards?

Options:

A.

C:\Users\?\Temp\Allowed\application.exe

B.

C:\Users\*\Temp\Allowed\application.exe

C.

*:\Users\**\Temp\Allowed\application.exe

D.

*:\Users\*\Temp\Allowed\application.exe

Question 3

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Program Files\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the application at path field?

Options:

A.

Executable files in the "Program Files" directory and subdirectories will be ignored.

B.

Executable files in the "Program Files" directory will be blocked.

C.

Executable files in the "Program Files" directory will be logged.

D.

Executable files in the "Program Files" directory will be subject to blocking rules.

Question 4

An administrator wants to find information about real-world prevention rules that can be used in VMware Carbon Black Cloud Endpoint Standard.

How can the administrator obtain this information?

Options:

A.

Refer to an external report from other security vendors to obtain solutions.

B.

Refer to the TAU-TIN's on the VMware Carbon Black community page.

C.

Refer to the VMware Carbon Black Cloud sensor install guide.

D.

Refer to VMware Carbon Black Cloud user guide.

Question 5

Which port does the VMware Carbon Black sensor use to communicate to VMware Carbon Black Cloud?

Options:

A.

443

B.

80

C.

8443

D.

22

Question 6

An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.

Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

Options:

A.

Delay execute for cloud scan

B.

Allow user to disable protection

C.

Submit unknown binaries for analysis

D.

Expedited background scan

E.

Scan execute on network drives

F Require code to uninstall sensor

Question 7

A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.

What is the threshold, in days, before a machine shows as inactive?

Options:

A.

7 days

B.

90 days

C.

60 days

D.

30 days

Question 8

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

Options:

A.

A flexible query scheduler that can be used to gather information about the environment

B.

Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems

C.

Customizable threat feeds that plug into a single agent and single console

D.

Policy rules that can be tested by selecting test rule next to the desired operation attempt

Question 9

An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.

How can this information be obtained?

Options:

A.

Search the data using the test rule functionality.

B Examine log files to see what would be impacted

B.

Put the rules in and see what happens to the endpoints.

D Determine what would happen based on previously used antivirus software

Question 10

Which VMware Carbon Black Cloud integration is supported for SIEM?

Options:

A.

SolarWinds

B.

LogRhythm

C.

Splunk App

D.

Datadog

Question 11

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

Options:

A.

Events and alerts are tagged with Carbon Black TTPs to provide context around attacks.

B.

Firewall rule configuration are provided in the environment.

C.

Data leakage protection (DLP) is enforced on endpoints or subsets of endpoints.

D.

Customized threat feeds can be combined with other outside threat intelligence sources.

Question 12

An administrator has been tasked with preventing the use of unauthorized USB storage devices from being used in the environment.

Which item needs to be enabled in order to enforce this requirement?

Options:

A.

Enable the Block access to all unapproved USB devices within the policies option.

B.

Choose to disable USB device access on each endpoint from the Inventory page.

C.

Select the option to block USB devices from the Reputation page.

D.

Elect to approve only allowed USB devices from the USB Devices page.

Question 13

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

Options:

A.

Click Enforce > Add application path name

B.

Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application

C.

Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation

D.

Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

Question 14

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Users\*\Downloads\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path for this rule?

Options:

A.

Any executable in the downloads directory for any user on the system will be logged and allowed to execute.

B.

No files will be ignored from the downloads directory.

C.

Any executable in the downloads directory for any user on the system will be bypassed for inspection.

D.

Any executable in the downloads directory will be prevented from executing.

Question 15

An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.

Which two different methods may be used for this purpose? (Choose two.)

Options:

A.

MD5 Hash

B.

Signing Certificate

C.

Application Path

D.

Application Name

E.

IT Tool

Question 16

An administrator needs to make sure all files are scanned locally upon execution.

Which setting is necessary to complete this task?

Options:

A.

On-Access File Scan Mode must be set to Aggressive.

B.

Signature Update frequency must be set to 2 hours.

C.

Allow Signature Updates must be enabled.

D.

Run Background Scan must be set to Expedited.

Question 17

An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.

Which method of reputation override must the administrator use?

Options:

A.

Signing Certificate

B.

Hash

C.

Local Approved

D.

IT Tool

Question 18

A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.

Where can the administrator view this information in the console?

Options:

A.

Users

B.

Audit Log

C.

Notifications

D.

Inbox

Page: 1 / 6
Total 60 questions