Black Friday Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > VMware > Vmware Certification > 5V0-93.22

5V0-93.22 VMware Carbon Black Cloud Endpoint Standard Skills Question and Answers

Question # 4

An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.

Which feature should the administrator leverage for this purpose?

A.

Setup a notification based on a policy action, and then select Terminate.

B.

Utilize the Test rule link from within the rule.

C.

Configure the rule to terminate the process.

D.

Configure the rule to deny operation of the process.

Full Access
Question # 5

An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.

Which operation attempt has this requirement?

A.

Performs ransom ware-like behavior

B.

Runs or is running

C.

Scrapes memory of another process

D Invokes a command interpreter

Full Access
Question # 6

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

A.

[Unknown application] [Retrieves credentials] [Terminate process]

B.

[**/*.exe] [Scrapes memory of another process] [Terminate process]

C.

[**\lsass.exe] [Scrapes memory of another process] [Deny operation]

D.

[Not listed application] [Scrapes memory of another process] [Terminate process]

Full Access
Question # 7

An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.

Which advanced search will yield these results?

A.

process_name:svchost.exe EXCLUDE process_name:C\:\\Windows\\System32

B.

process_name:svchost.exe AND NOT process_name:C:\Windows\System32

C.

process_name:svchost.exe AND NOT process_name:C\:\\Windows\\System32

D.

process_name:svchost.exe EXCLUDE process_name:C:\Windows\System32

Full Access
Question # 8

An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.

Which method of reputation override must the administrator use?

A.

Signing Certificate

B.

Hash

C.

Local Approved

D.

IT Tool

Full Access
Question # 9

An administrator needs to create a search, but it must exclude "system.exe".

How should this task be completed?

A.

#process_name:system.exe

B.

*process_name:system.exe

C.

D.

-process_name:system.exe

Full Access
Question # 10

An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud.

Which three IDs may be used for this purpose? (Choose three.)

A.

Threat

B.

Hash

C.

Sensor

D.

Event

E.

User

F.

Alert

Full Access
Question # 11

A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

A.

Endpoints

B.

Settings

C.

Investigate

D.

Alerts

Full Access
Question # 12

Is it possible to search for unsigned files in the console?

A.

Yes, by using the search:

NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED

B.

No, it is not possible to return a query for unsigned files.

C.

Yes, by using the search:

process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED

D.

Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.

Full Access
Question # 13

An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

A.

The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

B.

The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.

C.

The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.

D.

The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.

Full Access
Question # 14

An administrator notices that a sensor's local AV signatures are out-of-date.

What effect does this have on newly discovered files?

A.

The reputation is determined by cloud reputation.

B.

The sensor prompts the end user to allow or deny the file.

C.

The sensor automatically blocks the new file.

D.

The sensor is unable to block a malicious file.

Full Access
Question # 15

An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.

Which two different methods may be used for this purpose? (Choose two.)

A.

MD5 Hash

B.

Signing Certificate

C.

Application Path

D.

Application Name

E.

IT Tool

Full Access
Question # 16

A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.

Which components can be checked to further inspect the cause of the alert?

A.

Command lines. Device ID, and priority score

B.

Event details, command lines, and TTPs involved

C.

TTPs involved, network connections, and child path

D.

Priority score, file reputation, and timestamp

Full Access
Question # 17

An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.

Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

A.

Delay execute for cloud scan

B.

Allow user to disable protection

C.

Submit unknown binaries for analysis

D.

Expedited background scan

E.

Scan execute on network drives

F Require code to uninstall sensor

Full Access
Question # 18

What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

A.

Priority 1: Ignore, Priority 11: Unknown

B.

Priority 1: Unknown, Priority 11: Ignore

C.

Priority 1: Known Malware, Priority 11: Common White

D.

Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White

Full Access