• Home
  • Articles
  • Pass Exam Questions Efficiently With 5V0-93.22 Questions (2024) [Q29-Q54]

Pass Exam Questions Efficiently With 5V0-93.22 Questions (2024) [Q29-Q54]

Share

Pass Exam Questions Efficiently With 5V0-93.22 Questions (2024) 

5V0-93.22 Questions - Truly Beneficial For Your VMware Exam 


The VMware Carbon Black Cloud Endpoint Standard Skills certification exam is intended for IT professionals who have experience working with endpoint protection solutions and are looking to enhance their skills and knowledge. 5V0-93.22 exam is designed to test the candidate's ability to manage and configure endpoint protection solutions using the VMware Carbon Black Cloud Endpoint Standard. Candidates who pass the exam will be able to demonstrate their expertise in managing endpoint security, detecting and analyzing threats, and responding to security incidents.

 

NEW QUESTION # 29
An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.
What is the most effective way to meet this goal?

  • A. Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.
  • B. Start in the monitored policy until it is clear that no attacks are happening.
  • C. Recognize that analytics will automatically block the attacks that may occur.
  • D. Turn on the performs ransomware-like behavior rule in the policies.

Answer: D


NEW QUESTION # 30
Which permission level is required when a user wants to install a sensor on a Windows endpoint?

  • A. Administrator
  • B. Root
  • C. User
  • D. Everyone

Answer: A


NEW QUESTION # 31
A user downloaded and executed malware on a system. The malware is actively exfiltrating data.
Which immediate action is recommended to prevent further exfiltration?

  • A. Request upload of the file for analysis.
  • B. Check Security Advisories and Threat Research contents.
  • C. Place the device in quarantine.
  • D. Run a background scan.

Answer: C


NEW QUESTION # 32
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?

  • A. Local Approved
  • B. Signing Certificate
  • C. Hash
  • D. IT Tool

Answer: B


NEW QUESTION # 33
A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.
Where can the administrator view this information in the console?

  • A. Audit Log
  • B. Notifications
  • C. Users
  • D. Inbox

Answer: A

Explanation:
Explanation
The security administrator can view the Live Response activities and commands that have been executed while performing a remediation process to the sensors in the Audit Log page in the VMware Carbon Black Cloud Endpoint Standard console. The Audit Log page allows the administrator to review actions performed by Carbon Black Cloud console users, such as logging in, creating policies, banning hashes, isolating devices, and initiating Live Response sessions. The administrator can use various filters and keywords to narrow down the log scope and find the relevant entries. For example, the administrator can use the following keyword to find all the Live Response activities and commands:
live-response
This keyword will return all the log entries that contain the term live-response, which indicates that the action was related to the Live Response feature. The administrator can also use the following fields to refine the search results:
User: The name of the user who performed the action.
Action: The type of action that was performed, such as login, create, update, delete, enable, disable, and so on.
Object: The object that was affected by the action, such as policy, device, hash, and so on.
Date: The date and time range when the action was performed.
The administrator can also modify the level of granularity of the log entries, expand the log scope, limit the log scope to keywords, modify the audit table configuration, and export audit logs to the local machine1.
The other options are incorrect or irrelevant. Users is a page that allows the administrator to manage the users and roles in the Carbon Black Cloud console, not to view the Live Response activities and commands.
Notifications is a page that allows the administrator to view and manage the notifications from the Carbon Black Cloud console, such as alerts, recommendations, and messages, not to view the Live Response activities and commands. Inbox is a page that allows the administrator to view and manage the messages from the Carbon Black Cloud console, such as product updates, announcements, and feedback requests, not to view the Live Response activities and commands. References:
Audit Logs - VMware Docs, Overview section.


NEW QUESTION # 34
An organization has found application.exe running on some machines in their Workstations policy.
Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:
Blocking and Isolation Rule
Application on the company banned list > Runs or is running > Deny
Known malware > Runs or is running > Deny
Suspect malware > Runs or is running > Terminate
Permissions Rule
C:\Program Files\IT\Tools\* > Performs any operation > Bypass
Which action, if any, should an administrator take to ensure application.exe cannot run?

  • A. Add the hash to the company banned list at a higher priority.
  • B. No action needs to be taken as the file will be blocked based on reputation alone.
  • C. Remove the Permissions rule for C:\Program FilesMTVToolsV.
  • D. Change the reputation to KNOWN MALWARE to a higher priority.

Answer: C

Explanation:
Explanation
The action that an administrator should take to ensure application.exe cannot run is to remove the Permissions rule for C:\Program Files\IT\Tools*. This is because the Permissions rule has a higher priority than the Blocking and Isolation rule, and it allows any operation on any file in that path, including application.exe. By removing the Permissions rule, the Blocking and Isolation rule will apply and terminate application.exe based on its SUSPECT_MALWARE reputation. The other options are incorrect because they will not prevent application.exe from running. Option A is incorrect because changing the reputation to KNOWN MALWARE will not override the Permissions rule that allows any operation on the file. Option B is incorrect because the file will not be blocked based on reputation alone, as the Permissions rule will bypass the reputation check.
Option D is incorrect because adding the hash to the company banned list will not override the Permissions rule that allows any operation on the file. References: Precedence of Policy Rules, Set Permission Policy Rules, Set Blocking and Isolation Policy Rules


NEW QUESTION # 35
Is it possible to search for unsigned files in the console?

  • A. Yes, by using the search:
    process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED
  • B. Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.
  • C. No, it is not possible to return a query for unsigned files.
  • D. Yes, by using the search:
    NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED

Answer: D

Explanation:
Explanation
It is possible to search for unsigned files in the VMware Carbon Black Cloud console by using the search query:
NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
This query will return all the processes that have a publisher state other than FILE_SIGNATURE_STATE_SIGNED, which means they are either unsigned or have an invalid signature.
The process_publisher_state field is a string that indicates the signature status of the process executable file.
The possible values for this field are:
FILE_SIGNATURE_STATE_SIGNED: The file has a valid signature.
FILE_SIGNATURE_STATE_UNSIGNED: The file does not have a signature.
FILE_SIGNATURE_STATE_INVALID: The file has a signature, but it is invalid or corrupted.
FILE_SIGNATURE_STATE_MISSING: The file signature could not be retrieved or verified.
The NOT operator is a Boolean NOT operator that negates the following term or phrase. For example, NOT svchost.exe will return all the processes that are not named svchost.exe.
Therefore, by using the NOT operator with the process_publisher_state field and the value FILE_SIGNATURE_STATE_SIGNED, we can search for unsigned files in the console. References:
Advanced Search Techniques - VMware Docs, Using Regular Expressions (regex) section, NOT Operator subsection.
Carbon Black Cloud: Search for process_publisher_s... - Carbon Black ..., The CB sensor now reinspects operating system files that appear unsigned to reverify their digital signature and avoid the tamper blocks section.


NEW QUESTION # 36
An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet.
Which rule should be used?

  • A. **\Microsoft Office\** [Runs external code] [Terminate process]
  • B. **\excel.exe [Invokes a command interpreter] [Deny operation]
  • C. **\excel.exe [Runs malware] [Deny operation]
  • D. **/Microsoft Excel.app/** [Communicates over the network] [Terminate process]

Answer: B

Explanation:
Explanation
The best rule to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet, is B. **\excel.exe [Invokes a command interpreter] [Deny operation]. This rule will prevent any Excel process from invoking a command interpreter, such as cmd.exe or powershell.exe, which is a common technique used by malware to execute malicious commands or scripts.
This rule will deny the operation but not terminate the process, which may allow the spreadsheet to continue functioning normally. This rule is more specific and effective than option A, which only applies to Microsoft Office applications that run external code, or option C, which applies to Excel applications that communicate over the network. Option D is incorrect because it is too vague and may not catch all the possible ways that a spreadsheet can run malware.


NEW QUESTION # 37
An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud.
Which three IDs may be used for this purpose? (Choose three.)

  • A. Alert
  • B. Hash
  • C. Event
  • D. User
  • E. Threat
  • F. Sensor

Answer: A,B,F

Explanation:
The IDs that may be used to search and investigate security incidents in Carbon Black Cloud are hash, sensor, and alert.
A hash is a unique identifier for a file or process that can be used to track its activity and behavior across endpoints. A hash can be searched in the Investigate page to view its reputation, prevalence, and associated alerts.
A sensor is a unique identifier for an endpoint that has the Carbon Black Cloud agent installed. A sensor can be searched in the Endpoints page to view its status, policy, and associated alerts. A sensor can also be searched in the Investigate page to view its processes, events, and network connections.
An alert is a unique identifier for a security incident that is generated by Carbon Black Cloud based on the policy rules and threat intelligence. An alert can be searched in the Alerts page to view its details, timeline, and remediation actions. An alert can also be searched in the Investigate page to view its associated processes, events, and network connections.
A threat is not a valid ID for searching and investigating security incidents in Carbon Black Cloud. A threat is a term used to describe a malicious actor or activity that poses a risk to the organization. A threat can be detected by Carbon Black Cloud based on the threat intelligence feeds and watchlists, but it is not a unique identifier for a specific incident.
An event is not a valid ID for searching and investigating security incidents in Carbon Black Cloud. An event is a term used to describe a single action or occurrence that is recorded by the Carbon Black Cloud agent on an endpoint. An event can be viewed in the Investigate page as part of a process or alert, but it is not a unique identifier for a specific incident.
A user is not a valid ID for searching and investigating security incidents in Carbon Black Cloud. A user is a term used to describe a person who has access to the Carbon Black Cloud console or API. A user can be searched in the Users page to view their role, permissions, and activity, but they are not directly related to security incidents. References:
VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.1: Investigate VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.2: Alerts VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.3: Endpoints VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.4: Threats VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.5: Users


NEW QUESTION # 38
Which VMware Carbon Black Cloud integration is supported for SIEM?

  • A. Datadog
  • B. LogRhythm
  • C. SolarWinds
  • D. Splunk App

Answer: D


NEW QUESTION # 39
An administrator needs to create a search, but it must exclude "system.exe".
How should this task be completed?

  • A. *process_name:system.exe
  • B. #process_name:system.exe
  • C. <process_name:system.exe>
  • D. -process_name:system.exe

Answer: D


NEW QUESTION # 40
A security administrator needs to remediate a security vulnerability that may affect the sensors. The administrator decides to use a tool that can provide interaction and remote access for further investigation.
Which tool is being used by the administrator?

  • A. Live Response
  • B. CBLauncher
  • C. IRepCLI
  • D. PowerCLI

Answer: A


NEW QUESTION # 41
Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as
"Observed"?

  • A. "Threat" indicates that no block (Deny or Terminate) has occurred. "Observed" indicates a block.
  • B. "Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.
  • C. "Threat" indicates a block (Deny or Terminate) has occurred. "Observed" indicates that there is no block.
  • D. "Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.

Answer: B

Explanation:
Explanation
According to the VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, alerts are categorized as either "Threat" or "Observed" based on the severity and confidence of the event. "Threat" alerts indicate a high-severity and high-confidence event that is more likely to be malicious, such as a ransomware attack, a credential theft, or a network beacon. "Observed" alerts indicate a low-severity and low-confidence event that is less likely to be malicious, such as a suspicious registry modification, a fileless script execution, or a process injection. The categorization of alerts helps analysts prioritize their investigations and responses. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, page 14, section 2.3.1. Alert Categories. [Link]


NEW QUESTION # 42
An administrator has just placed an endpoint into bypass.
What type of protection, if any, will VMware Carbon Black provide this device?

  • A. VMware Carbon Black will be uninstalled from the endpoint.
  • B. VMware Carbon Black will apply policy rules.
  • C. VMware Carbon Black will place the machine in quarantine.
  • D. VMware Carbon Black will not provide any protection to the endpoint.

Answer: D

Explanation:
Explanation
When an administrator places an endpoint into bypass mode, VMware Carbon Black Cloud Endpoint Standard will not provide any protection to the endpoint. Bypass mode is a feature that allows the administrator to disable all policy rule enforcement on the endpoint, which means that the endpoint is not actively protected by VMware Carbon Black Cloud Endpoint Standard. The sensor will ignore any malicious or suspicious activity on the endpoint and will not log any events or send any data to the Carbon Black Cloud console. The administrator can use bypass mode to troubleshoot application interoperability, bootup, or login issues on the endpoint, or to upgrade the operating system on the endpoint. The administrator can enable or disable bypass mode from the Carbon Black Cloud console, the sensor UI, or the command line. The administrator can also view the reason and duration of the bypass mode from the Carbon Black Cloud console12.
The other options are incorrect or irrelevant. VMware Carbon Black Cloud Endpoint Standard will not be uninstalled from the endpoint when it is placed into bypass mode. The sensor will still be running on the endpoint, but it will not enforce any policy rules. VMware Carbon Black Cloud Endpoint Standard will not place the machine in quarantine when it is placed into bypass mode. Quarantine is a different feature that allows the administrator to isolate the endpoint from the network, preventing any communication with other devices or external servers. VMware Carbon Black Cloud Endpoint Standard will not apply policy rules when the endpoint is placed into bypass mode. Policy rules are the settings that define how the sensor detects and prevents threats on the endpoint. Bypass mode disables all policy rule enforcement on the endpoint.
References:
Sensor Bypass Mode - VMware Docs, Overview section.
Carbon Black Cloud: How to Get Started With Bypass Mode - Carbon Black Community, Objective section.


NEW QUESTION # 43
A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.
What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

  • A. Access the Audit Log content to see associated events.
  • B. Enable cloud analysis.
  • C. Perform a custom search on the Endpoint Page.
  • D. Search for specific malware byhash or filename.

Answer: C

Explanation:
Explanation
The pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis is A.
Perform a custom search on the Endpoint Page. This step allows the security administrator to use advanced search techniques to query the endpoint data collected by the VMware Carbon Black Cloud sensors. The administrator can use various fields and operators to filter and refine the search results, such as process_name, file_name, file_path, file_type, file_description, and more. Theadministrator can also use the process tree view to visualize the process execution and the event details to examine the process activity. After performing the custom search, the administrator can export the data as a CSV file for further analysis by clicking the Export () icon and selecting CSV Report. The CSV file is available for download under the Notifications drop-down menu1.
The other options are not pre-requisite steps in gathering specific vulnerability data to export it as a CSV file for analysis. Accessing the Audit Log content to see associated events is a step that allows the administrator to review actions performed by Carbon Black Cloud console users, such as logging in, creating policies, banning hashes, isolating devices, and initiating Live Response sessions. The Audit Log does not provide specific vulnerability data for the endpoints2. Searching for specific malware by hash or filename is a step that allows the administrator to find and analyze malicious files on the endpoints, but it does not provide comprehensive vulnerability data for the endpoints. Enabling cloud analysis is a step that allows the administrator to upload file metadata and content to the Carbon Black Cloud for reputation and threat intelligence analysis, but it does not provide specific vulnerability data for the endpoints3. References:
Investigate Endpoint Data - VMware Docs, Overview section.
Audit Logs - VMware Docs, Overview section.
Cloud Analysis - VMware Docs, Overview section.


NEW QUESTION # 44
Which scenario would qualify for the "Local White" Reputation?

  • A. The hash was previously analyzed, AND it is not on any known good or bad lists.
  • B. The file was added as an IT took
  • C. The file was signed using a trusted certificate.
  • D. The hash was not on any known good or known bad lists, AND the file is signed.

Answer: C

Explanation:
Explanation
The Local White reputation is assigned to files that are either pre-existing on the device before the sensor installation, or signed by a trusted certificate, or created by an IT tool. The file signature is verified by the sensor against a list of trusted certificates that are stored locally on the device. If the file is signed by a certificate that matches one of the trusted certificates, the sensor assigns the Local White reputation to the file.
This reputation indicates that the file is trusted and allowed to run on the device. The other options are incorrect because they do not qualify for the Local White reputation. Option A is incorrect because adding a file as an IT tool does not automatically assign it the Local White reputation. The file must also be signed by a trusted certificate or pre-existing on the device. Option C is incorrect because the hash being not on any known good or bad lists is not relevant for the Local White reputation. The file must also be signed by a trusted certificate or pre-existing on the device. Option D is incorrect because the hash being previously analyzed is notrelevant for the Local White reputation. The file must also be signed by a trusted certificate or pre-existing on the device. References: Reputations Assignment for Pre-Existing Files, Reputation Assignment


NEW QUESTION # 45
Which command is used to immediately terminate a current Live Response session?

  • A. detach -q
  • B. execfg
  • C. kill
  • D. delete

Answer: A


NEW QUESTION # 46
Which statement is true regarding Blocking/Isolation rules and Permission rules?

  • A. Permission Rules are overridden by Blocking & Isolation rules
  • B. Upload Rules are overridden by Blocking & Isolation rules.
    D Blocking & Isolation rules are overridden by Permission Rules
  • C. Blocking & Isolation rules are overridden by Upload Rules.

Answer: A


NEW QUESTION # 47
An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.
Which rule should be used?

  • A. [**\lsass.exe] [Scrapes memory of another process] [Deny operation]
  • B. [**/*.exe] [Scrapes memory of another process] [Terminate process]
  • C. [Not listed application] [Scrapes memory of another process] [Terminate process]
  • D. [Unknown application] [Retrieves credentials] [Terminate process]

Answer: C

Explanation:
Explanation
This rule will prevent any application that is not listed in the Carbon Black Cloud Endpoint Standard from scraping the memory of another process, which is a common technique used by malware to retrieve credentials from the Local Security Authority Subsystem Service (LSASS). This rule will terminate the process that attempts to perform this operation, thus blocking the credential theft. This rule is more specific and effective than option A, which only applies to unknown applications, or option B, which applies to all executable files regardless of their reputation. Option C is incorrect because it will only deny the operation but not terminate the process, which may allow the malware to continue running and try other methods of credential theft. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 4:
Endpoint Standard Rules, Lesson 2: Rule Types and Actions, slide 12.


NEW QUESTION # 48
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.
Which two different methods may be used for this purpose? (Choose two.)

  • A. MD5 Hash
  • B. Signing Certificate
  • C. Application Name
  • D. Application Path
  • E. IT Tool

Answer: B,D

Explanation:
Explanation
The VMware Carbon Black Cloud Endpoint Standard allows administrators to add applications to the Approved List, which approves the presence and actions of specified applications on the endpoints. Adding to the Approved List is global in its effects and applies to all policies attached to a particular version of an application. There are two different methods that can be used to add applications to the Approved List: by signing certificate or by application path.
By signing certificate: This method allows administrators to approve files that are signed by a specific certificate authority (CA) or signer. For example, if an administrator wants to approve all files that are signed by Google Inc, they can add the signer name and the CA name to the Approved List. This method is useful for approving files that are frequently updated or have dynamic names or paths.
However, administrators should be careful when using wildcards or approving certificates from untrusted sources, as this could lead to incidentally approving malicious software that appears to be signed by a trusted CA or signer.
By application path: This method allows administrators to approve files that are located in a specific path on the endpoint. For example, if an administrator wants to approve a custom application that is installed in C:\Program Files\Custom Application\, they can add the path and the file name to the Approved List. This method is useful for approving files that have a fixed name and location on the endpoint. However, administrators should be aware that this method does not account for new versions of the application, and they should routinely update the Approved List to reflect the changes.
Administrators can also use wildcards to target certain files or directories, but they should be as specific as possible to avoid approving unwanted files.
The other options are not valid methods for adding applications to the Approved List. MD5 hash is a method for adding files to the Banned List, which prevents specific files from running on the endpoints by their hash values. Application name is a method for creating permission rules, which allow or deny the presence and actions of an application only on a specific device. IT Tool is not a method, but a category of applications that are recommended to be added to the Approved List, such as software deployment tools, executable installers, IDEs, compilers, or script editors. References: Adding to the Approved List, Endpoint Standard: How to add a Certificate to the Approved List, Endpoint Standard: How to add a SHA256 hash to Approved/Banned List


NEW QUESTION # 49
What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

  • A. Policy rules that can be tested by selecting test rule next to the desired operation attempt
  • B. Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems
  • C. Customizable threat feeds that plug into a single agent and single console
  • D. A flexible query scheduler that can be used to gather information about the environment

Answer: B

Explanation:
Explanation
A security benefit of VMware Carbon Black Cloud Endpoint Standard is that it provides visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems.
Endpoint Standard uses behavioral analytics to detect and prevent malicious activity on endpoints, and also collects comprehensive event data that can be used to investigate and respond to incidents. Endpoint Standard also allows administrators to customize their threat intelligence feeds and alerts, and integrate with other security tools and platforms. This way, administrators can gain a deeper understanding of the threats facing their organization and take appropriate actions to mitigate them. The other options are incorrect because they are not security benefits of Endpoint Standard. Option A is incorrect because a flexible query scheduler is a feature of VMware Carbon Black Audit and Remediation, not Endpoint Standard. Option C is incorrect because customizable threat feeds are a feature of VMware Carbon Black Enterprise EDR, not Endpoint Standard. Option D is incorrect because policy rules that can be tested by selecting test rule next to the desired operation attempt are a feature of VMware Carbon Black App Control, not Endpoint Standard. References: VMware Carbon Black Cloud Endpoint Standard Datasheet, Carbon Black Cloud Endpoint Standard - Technical Overview


NEW QUESTION # 50
An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.
Which operation attempt has this requirement?

  • A. Runs or is running
  • B. Scrapes memory of another process
    D Invokes a command interpreter
  • C. Performs ransom ware-like behavior

Answer: B

Explanation:
Explanation
The operation attempt that must use a Terminate Process action is Scrapes memory of another process. This is a policy rule in VMware Carbon Black Cloud Endpoint Standard that blocks and terminates any process that attempts to read the memory of another process. This is a common technique used by malware to steal sensitive information, such as passwords, encryption keys, or tokens, from legitimate applications. By using a Terminate Process action, the policy rule ensures that the malicious process is stopped and removed from the endpoint, preventing further damage or data exfiltration. The other operation attempts do not require a Terminate Process action, but they can use other actions, such as Alert, Deny, or Isolate Device, depending on the policy configuration and the security needs of the organization. References: Carbon Black Cloud Endpoint Standard - Technical Overview, Best Practices: Endpoint Standard Blocking & Isolation Rules, Endpoint Standard: Deny/Terminate action taken on an Allowed Application


NEW QUESTION # 51
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

  • A. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White
  • B. Priority 1: Unknown, Priority 11: Ignore
  • C. Priority 1: Known Malware, Priority 11: Common White
  • D. Priority 1: Ignore, Priority 11: Unknown

Answer: D


NEW QUESTION # 52
An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.
Which action should the administrator take?

  • A. Recall
  • B. Unenforce
  • C. Disable
  • D. Delete

Answer: C


NEW QUESTION # 53
A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.
What is the threshold, in days, before a machine shows as inactive?

  • A. 60 days
  • B. 30 days
  • C. 90 days
  • D. 7 days

Answer: B


NEW QUESTION # 54
......

Truly Beneficial For Your VMware Exam: https://www.getvalidtest.com/5V0-93.22-exam.html

Download VMware 5V0-93.22 Sample Questions: https://drive.google.com/open?id=18Gp_4n8UjbFXS4-8vvzko903ejbflFa9

Related Articles

more
VMware 5V0-93.22 Certification Practice Exam