[Jul-2021] Get 100% Real 5V0-91.20 Exam Questions, Accurate & Verified TestInsides Dumps in the Real Exam! [Q37-Q56]


Pass Your VMware Carbon Black EndPoint Protection 2021 Exams Fast. All Top 5V0-91.20 Exam Questions Are Covered.

NEW QUESTION 37
Review the following query:
path:c:\program\ files\ \(x86\)\microsoft
How would this query input term be interpreted?

  • A. c:rogramfilesx86icrosoft
  • B. c:\program files (x86)\microsoft
  • C. c:rogram files (x86)icrosoft
  • D. c:\program files x86\microsoft

Answer: B

 

NEW QUESTION 38
An authorized administrator plans to remove the App Control agent from a computer.
Which Enforcement Level must a computer be in before the agent can be uninstalled?

  • A. Low Enforcement
  • B. Visibility
  • C. Any Enforcement Level
  • D. None (Disabled)

Answer: C

 

NEW QUESTION 39
A security policy states to enable Live Response by default across the enterprise. However, the team identified critical systems which should not support Live Response due to risk. The team needs to disable Live Response on selected systems.
From which page can this goal be accomplished?

  • A. Endpoints
  • B. Roles
  • C. API Access
  • D. Policy

Answer: B

 

NEW QUESTION 40
An analyst is investigating an alert within Enterprise EDR. The alert is tied to an unusual process name. When navigating to the binary details page, for the binary used in the alert, the analyst sees the following:

The analyst wants to find any instances of this process executing regardless of the process name used.
Which two details from the binary can be used to search for the application regardless of the seen name? (Choose two.)

  • A. The publisher name
  • B. The original filename
  • C. The product version
  • D. The binary's hash
  • E. The path

Answer: C,E

 

NEW QUESTION 41
A watchlist generates a false positive on the Triage Alerts page, so the watchlist must be updated.
How should this task be accomplished?

  • A. Open the Watchlist Page and click the pencil button associated with the watchlist.
  • B. One can update watchlists from the Process Search Page.
  • C. One can update watchlists directly on the Triage Alerts Page using the pencil icon.
  • D. Open the process analysis page and select the Add Watchlist Exclusion option from the Actions menu.

Answer: C

 

NEW QUESTION 42
Refer to the exhibit:

Which two statements are true about Carbon Black Live Response (CBLR)? (Choose two.)

  • A. A CBLR session is established.
  • B. A CBLR session is not attached.
  • C. A CBLR session already exists.
  • D. CBLR is enabled.
  • E. CBLR is disabled.

Answer: B,C

 

NEW QUESTION 43
Which reputation has the highest priority in Cloud Endpoint Standard?

  • A. Adware/PUP Malware
  • B. Ignore
  • C. Known Malware
  • D. Unknown

Answer: C

 

NEW QUESTION 44
What are three ways to ignore a feed report within the EDR user interface? (Choose three.)

  • A. Alert Dashboard page
  • B. Threat Reports Details page
  • C. Search Threat Reports page
  • D. Threat Intelligence Feeds page
  • E. Investigations page
  • F. After marking a feed alert as a false positive

Answer: B,D,F

Explanation:
Reference:
Prevent-False-Positives/ta-p/64413

 

NEW QUESTION 45
Which action is only available for the "Performs any operation" and "Performs any API Operation" operation attempts?

  • A. Allow & Log
  • B. Allow
  • C. Runs or is Running
  • D. Bypass

Answer: D

Explanation:
Reference:
https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/1413/3/cbd-userguide.pdf (90)

 

NEW QUESTION 46
Which statement is true about Carbon Black Live Response (CBLR)?

  • A. CBLR cannot be accessed through the API.
  • B. CBLR sessions do not need to wait for the next sensor check-in.
  • C. CBLR is disabled by default.
  • D. CBLR is only available on Windows Endpoints.

Answer: C

 

NEW QUESTION 47
A company uses Audit and Remediation to check configurations and adhere to compliance regulations. The regulations require monthly reporting and twelve months of data retained.
How can an administrator accomplish this requirement with Audit and Remediation?

  • A. Schedule the query to run monthly, and set the data retention to 12 months for the query.
  • B. Schedule the query to run monthly, and configure the audit log retention to 12 months.
  • C. Schedule the query to run monthly, and export the results for each run to an external location.
  • D. Schedule the query to run monthly, and no further action is required.

Answer: C

 

NEW QUESTION 48
An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

  • A. Terminate the process.
  • B. Quarantine the device.
  • C. Deny the operation.
  • D. Add the application to the Approved List.

Answer: D

 

NEW QUESTION 49
A Carbon Black Cloud Endpoint Standard analyst is testing different search operator combinations.
Which two queries produce the same result? (Choose two.)

  • A. process_name:chrome.exe NOT netconn_domain:google.com
  • B. process_name:chrome.exe OR NOT netconn_domain:google.com
  • C. process_name:chrome.exe netconn_domain:google.com
  • D. process_name:chrome.exe OR netconn_domain:google.com
  • E. process_name:chrome.exe AND NOT netconn_domain:google.com

Answer: A,B

 

NEW QUESTION 50
What occurs when an administrator selects "Enable private logging level" in Sensor Settings under Policy?

  • A. Domain names are obfuscated.
  • B. Script Files that have unknown reputations are not uploaded.
  • C. Live Response is disabled.
  • D. Delay execute for cloud scan is disabled.

Answer: B

 

NEW QUESTION 51
Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?

  • A. WHERE publisher LIKE "%VMware%"
  • B. WHERE publisher LIKE "VMware%"
  • C. WHERE publisher = "%VMware"
  • D. WHERE publisher = "%VMware%"

Answer: A

 

NEW QUESTION 52
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:

Which statement accurately characterizes this situation?

  • A. These events are tied to an observed alert within the user interface.
  • B. The events shown will all have the same event ID, correlating them to the alert.
  • C. The policy had no blocking and isolation rules set.
  • D. Each event listed contributed to the overall alert score and severity.

Answer: D

 

NEW QUESTION 53
Review this result after executing a query in the Process Search page, noting the circled black dot:

What is the meaning of the black dot shown under Tags?

  • A. The events for the process were tagged in an investigation.
  • B. The execution of the process resulted in watchlist hits.
  • C. The events for the process were also sent to the Syslog Server.
  • D. The execution of the process resulted in feed hits.

Answer: D

 

NEW QUESTION 54
An analyst navigates to the alerts page in Endpoint Standard and sees the following:

What does the yellow color represent on the left side of the row?

  • A. It is a threat alert and warrants immediate investigation.
  • B. It is an alert from a watchlist rather than the analytics engine.
  • C. It is an observed alert and may indicate suspicious behavior.
  • D. It is a dismissed alert within the user interface.

Answer: B

 

NEW QUESTION 55
Management has directed that the SOC team be enabled to create global file bans via the App Control API.
How would this be configured in the App Control Console?

  • A. Create a Role, map it to the corresponding SOC group, add permission "Manage files" to Role, and create an API token for each user in group.
  • B. Add permission "Manage files" and create an API token for each SOC user.
  • C. Create a Role, map to the corresponding SOC group, add permission "Manage files", and create API token for the Role.
  • D. Create a Role, map to corresponding SOC group, and add permission "Manage files" to Role.

Answer: C

 

NEW QUESTION 56
......
