VMware 5V0-91.20 - VMware Carbon Black Portfolio Skills Exam
Total 56 questions
Question #6 (Topic: Topic 1)
A Carbon Black administrator received an alert for an untrusted hash executing in the environment.
Which two information items are found in the alert pane? (Choose two.)
A. Launch Live Query
B. Launch process analysis
C. User quarantine
D. Add hash to banned list
E. IOC short name
Answer: AB
Question #7 (Topic: Topic 1)
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:
[VMware-5V0-91.20-1.0/xmlfile-5_1.jpg]
Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?
A. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
B. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
C. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
D. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.
Answer: C
Question #8 (Topic: Topic 1)
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
A. From the Computer Details page on the web console
B. From the Files on Computers page on the web console
C. Run authenticated DasCLI on Windows command prompt
D. Run RepCLI on Windows command prompt
E. From the File Catalog page on the web console
Answer: AC
Question #9 (Topic: Topic 1)
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
A. Quarantined
B. Deregistered
C. Inactive
D. Bypass
Answer: D
Question #10 (Topic: Topic 1)
An Enterprise EDR administrator has created a custom Watchlist and wants to add a custom query to a report in the custom Watchlist.
From which page can the administrator add this custom query?
A. Policies
B. Watchlists
C. Investigate
D. Cloud Analysis
Answer: C