[Feb 09, 2022] 5V0-91.20 Dumps Full Questions - Exam Study Guide [Q19-Q39]


VMware Carbon Black EndPoint Protection 2021 Free Certification Exam Material from Prep4sures with 115 Questions

NEW QUESTION 19
Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?

  • A. Initialization; move agent out of Disabled mode
  • B. Inventorying; enable Discovery mode
  • C. Discovery; place agent into Disabled mode
  • D. Baselining; install the agent

Answer: B

 

NEW QUESTION 20
How does an administrator create a new Alert of type Event Alert that triggers whenever an endpoint is added or deleted and sends an email to the App Control admin whenever these events occur?

  • A. Add filter in Event Properties for Subtype Computer modified. Add the App Control admin email, and then click Create & Exit.
  • B. Add filter in Event Properties for Subtype Endpoint added and Endpoint deleted. Click Create and add the App Control admin email, and then click Create & Exit.
  • C. Add filter in Event Properties for Subtype Computer added and Computer deleted. Click Create and add the App Control admin email, and then click Create & Exit.
  • D. Add filter in Event Properties for Subtype Computer added and Computer deleted. Add the App Control admin email, and then click Create & Exit.

Answer: A

 

NEW QUESTION 21
What occurs when an administrator selects "Enable private logging level" in Sensor Settings under Policy?

  • A. Domain names are obfuscated.
  • B. Script Files that have unknown reputations are not uploaded.
  • C. Live Response is disabled.
  • D. Delay execute for cloud scan is disabled.

Answer: B

 

NEW QUESTION 22
How long will Live Queries in Carbon Black Audit and Remediation run before timing out?

  • A. 30 days
  • B. 7 days
  • C. 180 days
  • D. 14 days

Answer: B

 

NEW QUESTION 23
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?

  • A. Execute Ignore
  • B. Expert (Tag Process, Terminate Process)
  • C. Performance Optimization
  • D. File Creation Control (Suppress)

Answer: C

 

NEW QUESTION 24
An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

  • A. Terminate the process.
  • B. Quarantine the device.
  • C. Deny the operation.
  • D. Add the application to the Approved List.

Answer: D

 

NEW QUESTION 25
How often do watchlists run?

  • A. Every 10 minutes
  • B. Every 5 minutes
  • C. Every 30 minutes
  • D. Watchlists can be configured to run at scheduled intervals

Answer: D

 

NEW QUESTION 26
Which two statements are true about Carbon Black alerts? (Choose two.)

  • A. Once dismissed, the action cannot be undone.
  • B. Carbon Black does not generate alerts.
  • C. They can be grouped together.
  • D. Once received, it can be dismissed in bulk.
  • E. They are stored for 15 days.

Answer: B,E

 

NEW QUESTION 27
Refer to the exhibit:

Which two statements are true about Carbon Black Live Response (CBLR)? (Choose two.)

  • A. CBLR is enabled.
  • B. A CBLR session is established.
  • C. A CBLR session is not attached.
  • D. A CBLR session already exists.
  • E. CBLR is disabled.

Answer: C,D

 

NEW QUESTION 28
Given the following query:
SELECT * FROM users WHERE UID >= 500;
Which statement is correct?

  • A. This query returns all accounts found on systems.
  • B. This query is missing a parameter for validity.
  • C. This query limits the number of columns to display in the results.
  • D. This query filters results sent to the cloud.

Answer: C

 

NEW QUESTION 29
Which strategy should be used to purge inactive bans from the web console?

  • A. Run the cbbanning script on the EDR server
  • B. Go to the hashes page on the web console and remove them
  • C. Use a pre-configured system cron job daily to remove them
  • D. Schedule an ad-hoc cron job to remove

Answer: A

 

NEW QUESTION 30
An administrator needs to manage a group of sensors from within the console.
Which three actions are available for sensors within the Sensor Group? (Choose three.)

  • A. Share Settings
  • B. Restart
  • C. Disable
  • D. Uninstall
  • E. Move to group
  • F. Ban

Answer: B,D,E

 

NEW QUESTION 31
An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:

Which statement accurately characterizes this situation?

  • A. The solid line between the nodes denotes a process was injected into by another process.
  • B. The analyst navigated to this process analysis page from the wscript.exe process.
  • C. Conhost.exe has one or more child processes.
  • D. Several nodes in this process tree have watchlist hits.

Answer: A

 

NEW QUESTION 32
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.
Which search field can be added to the query to show the desired results?

  • A. process_integrity_level
  • B. process_privileges
  • C. process_cloud_reputation
  • D. process_reputation

Answer: D

 

NEW QUESTION 33
An authorized administrator plans to remove the App Control agent from a computer.
Which Enforcement Level must a computer be in before the agent can be uninstalled?

  • A. Visibility
  • B. Low Enforcement
  • C. None (Disabled)
  • D. Any Enforcement Level

Answer: D

 

NEW QUESTION 34
At which three frequencies may a Carbon Black Audit and Remediation administrator schedule the run of Live Queries? (Choose three.)

  • A. Weekly
  • B. Daily
  • C. Monthly
  • D. Hourly
  • E. Any frequency
  • F. Bi-Weekly

Answer: A,B,C

 

NEW QUESTION 35
A process wrote an executable file as detailed in the following event:

Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?

  • A. File Creation Control
  • B. Trusted Publisher
  • C. Advanced (Write-Ignore)
  • D. Trusted Path

Answer: A

 

NEW QUESTION 36
A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems).
Which Enforcement Level is the most fitting?

  • A. Low Enforcement
  • B. High Enforcement
  • C. None (Visibility)
  • D. Medium Enforcement

Answer: B

 

NEW QUESTION 37
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.
Which rule will kill notepad.exe entirely if this activity is detected in the future?

  • A. **/system32/notepad.exe --> Communicates over the network --> Deny operation
  • B. **\system32\notepad.exe --> Runs or is Running --> Deny operation
  • C. **/system32/notepad.exe --> Runs or is Running --> Terminate process
  • D. **\system32\notepad.exe --> Communicates over the network --> Terminate process

Answer: C

 

NEW QUESTION 38
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:

Which statement accurately characterizes this situation?

  • A. The events shown will all have the same event ID, correlating them to the alert.
  • B. These events are tied to an observed alert within the user interface.
  • C. The policy had no blocking and isolation rules set.
  • D. Each event listed contributed to the overall alert score and severity.

Answer: D

 

NEW QUESTION 39
......

Dumps Brief Outline Of The 5V0-91.20 Exam: https://www.prep4sures.top/5V0-91.20-exam-dumps-torrent.html