5V0-91.20 Exam Preparation (2022): VMware Carbon Black EndPoint Protection 2021, 115 Questions
5V0-91.20 All-in-One Exam Guide for Quick Preparation.
NEW QUESTION 38
There is a requirement to block ransomware when a sensor is offline.
Which blocking and isolation rule fulfills this requirement?
- A. Unknown Application -> Performs ransomware-like behavior -> Terminate process
- B. Known Malware -> Performs ransomware-like behavior -> Terminate process
- C. Suspect Malware -> Performs ransomware-like behavior -> Deny operation
- D. Not Listed Application -> Performs ransomware-like behavior -> Deny operation
Answer: B
NEW QUESTION 39
An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following:
What is the status of the WINDOWS-CLIENT agent?
- A. Disconnected and Up to date
- B. Connected and Up to date
- C. Connected but unsupported
- D. Connected but health check failed
Answer: A
NEW QUESTION 40
A process has created a number of interesting (executable) files in one sequence.
In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?
- A. File Group Created
- B. File Upload Completed
- C. File Properties Modified
- D. New File Discovered on Startup
Answer: D
NEW QUESTION 41
Review this result after executing a query in the Process Search page, noting the circled black dot:
What is the meaning of the black dot shown under Tags?
- A. The events for the process were tagged in an investigation.
- B. The events for the process were also sent to the Syslog Server.
- C. The execution of the process resulted in feed hits.
- D. The execution of the process resulted in watchlist hits.
Answer: C
NEW QUESTION 42
When dismissing alerts, when should an administrator select "If alert occurs in the future, automatically dismiss it from all devices"?
- A. When the administrator wishes to apply this action to all future alerts from the device
- B. When the administrator wishes to mark the alert instance as a false positive
- C. When the administrator wishes to be notified again to this behavior
- D. When the administrator wishes to remove the alert
Answer: A
NEW QUESTION 43
Which reputation is processed with the lowest priority for Endpoint Standard?
- A. Known Malware
- B. Trusted White
- C. Local White
- D. Common White
Answer: D
Endpoint Standard evaluates reputations in priority order: Ignore, Company White, Company Black, Trusted White, Known Malware, Suspect/Heuristic Malware, PUP, Local White, Common White, Not Listed, Unknown. Of the four options, Common White is processed last.
NEW QUESTION 44
Which strategy should be used to purge inactive bans from the web console?
- A. Schedule an ad hoc cron job to remove them
- B. Go to the hashes page on the web console and remove them
- C. Use a pre-configured system cron job daily to remove them
- D. Run the cbbanning script on the EDR server
Answer: D
NEW QUESTION 45
This search is entered into the process search page: notepad.exe
Which three statements about this query are true? (Choose three.)
- A. The search will fail with an error.
- B. Since a field name is not selected, query performance will be impacted.
- C. Only processes named notepad.exe will be returned.
- D. Processes with registry modifications containing notepad.exe would be returned.
- E. All processes containing the text notepad.exe in any default field.
- F. A field identifier is required for all criteria within a process search.
Answer: B,D,E
NEW QUESTION 46
An administrator runs multiple queries on tables and combines the results after the fact to correlate data. The administrator needs to combine rows from multiple tables based on data from a related column in each table.
Which SQL statement should be used to achieve this goal?
- A. JOIN
- B. AS
- C. WHERE
- D. COMBINE
Answer: A
NEW QUESTION 47
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them.
Which page should the administrator use to find these commands?
- A. Investigate
- B. Alerts
- C. Sensor Management
- D. Policies
Answer: A
Commands that trigger no alert and match no policy rule leave no trace on the Alerts, Sensor Management or Policies pages; the recorded process and command-line data is only searchable on the Investigate page.
NEW QUESTION 48
Given the following query:
SELECT * FROM users WHERE UID >= 500;
Which statement is correct?
- A. This query is missing a parameter for validity.
- B. This query returns all accounts found on systems.
- C. This query limits the number of columns to display in the results.
- D. This query filters results sent to the cloud.
Answer: D
SELECT * returns every column of the users table, so the query does not limit columns, and the WHERE clause excludes accounts below UID 500, so it does not return all accounts. The WHERE clause filters the rows the sensor returns, which is what limits the results sent to the cloud.
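The two osquery questions above (the JOIN in question 46 and the users query in question 48) are easier to reason about against real rows. The following is an added example, not code from the exam or from VMware; it loads constructed sample rows into an in-memory SQLite database shaped like osquery's `users` and `processes` tables (only the columns used here) and runs both queries. Because osquery's SQL is the SQLite dialect, the query strings are what you would paste into an Audit and Remediation query unchanged.

```python
import sqlite3

# Constructed sample rows standing in for osquery's `users` and `processes`
# tables. Only the columns needed for the two queries are modelled; the real
# osquery tables carry more (gid, description, cmdline, ...).
USERS = [
    (0, "root", "/bin/bash"),
    (33, "www-data", "/usr/sbin/nologin"),
    (500, "svc_backup", "/bin/bash"),
    (1001, "alice", "/bin/zsh"),
]
PROCESSES = [
    (1, 0, "systemd", "/sbin/init"),
    (842, 33, "nginx", "/usr/sbin/nginx"),
    (1203, 1001, "ssh", "/usr/bin/ssh"),
    (1510, 500, "rsync", "/usr/bin/rsync"),
    (1777, 1001, "python3", "/usr/bin/python3"),
]

# Question 48: SELECT * keeps every column; WHERE drops rows, not columns.
USERS_QUERY = "SELECT * FROM users WHERE UID >= 500;"

# Question 46: JOIN correlates rows from two tables on a related column (uid)
# in one query, instead of running two queries and matching results by hand.
JOIN_QUERY = """
SELECT u.username, p.pid, p.name, p.path
FROM processes AS p
JOIN users AS u ON u.uid = p.uid
WHERE u.uid >= 500
ORDER BY p.pid;
"""


def build_db():
    """Create an in-memory SQLite database with the constructed tables."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (uid INTEGER, username TEXT, shell TEXT)")
    con.execute(
        "CREATE TABLE processes (pid INTEGER, uid INTEGER, name TEXT, path TEXT)"
    )
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    con.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", PROCESSES)
    return con


def run(query):
    """Run a query against the sample tables; return (column names, rows)."""
    con = build_db()
    try:
        cur = con.execute(query)
        columns = [d[0] for d in cur.description]
        rows = cur.fetchall()
    finally:
        con.close()
    return columns, rows


if __name__ == "__main__":
    for q in (USERS_QUERY, JOIN_QUERY):
        columns, rows = run(q)
        print(q.strip())
        print("  columns:", columns)
        for row in rows:
            print("  ", row)
```

Running it shows that the users query still returns all three columns (uid, username, shell) but only the two rows with uid 500 and 1001, while the JOIN query returns one row per process owned by those users with the username attached, the correlation that would otherwise have to be done after the fact.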
NEW QUESTION 49
A company uses Audit and Remediation to check configurations and adhere to compliance regulations. The regulations require monthly reporting and twelve months of data retained.
How can an administrator accomplish this requirement with Audit and Remediation?
- A. Schedule the query to run monthly, and set the data retention to 12 months for the query.
- B. Schedule the query to run monthly, and configure the audit log retention to 12 months.
- C. Schedule the query to run monthly, and export the results for each run to an external location.
- D. Schedule the query to run monthly, and no further action is required.
Answer: C
NEW QUESTION 50
An administrator wants to find instances where the binary is unsigned.
Which term will accomplish this search?
- A. process_publisher:FILE_SIGNATURE_STATE_NOT_SIGNED
- B. process_publisher_state:FILE_SIGNATURE_STATE_NOT_SIGNED
- C. NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
- D. NOT process_publisher:FILE_SIGNATURE_STATE_SIGNED
Answer: C
NEW QUESTION 51
An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?
- A. Known Malware
- B. Suspect/Heuristic Malware
- C. Adware/PUP Malware
- D. Company Black
Answer: D
A hash added manually to the Banned List receives the Company Black reputation. Known Malware and Suspect/Heuristic Malware are assigned by the Carbon Black Cloud analysis, not by the administrator.
NEW QUESTION 52
An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?
- A. 3-5 days
- B. 1 day
- C. 30 days
- D. 180 days
Answer: A
A standard background scan takes 3-5 days to complete; an expedited background scan completes in about 24 hours.
NEW QUESTION 53
An active compromise is detected on an endpoint. Due to current policies, the compromise was detected but not terminated.
What would be an appropriate action to end the current communication between the device and the attacker?
- A. Place the system into bypass mode
- B. Remotely scan the endpoint
- C. Place the system into Quarantine
- D. Uninstall the sensor
Answer: C
Quarantine blocks all network traffic to and from the device except communication with the Carbon Black Cloud, which severs the attacker's session while keeping the sensor managed. Bypass mode disables sensor enforcement and would leave the connection open.
NEW QUESTION 54
A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems).
Which Enforcement Level is the most fitting?
- A. High Enforcement
- B. None (Visibility)
- C. Medium Enforcement
- D. Low Enforcement
Answer: A
NEW QUESTION 55
A process wrote an executable file as detailed in the following event:
Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?
- A. Trusted Path
- B. File Creation Control
- C. Trusted Publisher
- D. Advanced (Write-Ignore)
Answer: B
NEW QUESTION 56
......
Guaranteed Success with 5V0-91.20 Dumps: https://www.examdumpsvce.com/5V0-91.20-valid-exam-dumps.html
