
5V0-93.22 VMware Carbon Black Cloud Endpoint Standard Skills Questions and Answers

Questions 4

An administrator wants to be notified when particular Tactics, Techniques, or Procedures (TTPs) are observed on a managed endpoint.

Which notification option must the administrator configure to receive this notification?

Options:

A. Alert that crosses a threshold with the "observed" option selected

B. Alert that includes specific TTPs

C. Alert for a Watchlist hit

D. Policy action that is enforced with the "deny" option selected

Questions 5

A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.

Which components can be checked to further inspect the cause of the alert?

Options:

A. Command lines, Device ID, and priority score

B. Event details, command lines, and TTPs involved

C. TTPs involved, network connections, and child path

D. Priority score, file reputation, and timestamp

Questions 6

Which statement is true regarding Blocking/Isolation rules and Permission rules?

Options:

A. Blocking & Isolation rules are overridden by Upload Rules.

B. Permission Rules are overridden by Blocking & Isolation rules.

C. Upload Rules are overridden by Blocking & Isolation rules.

D. Blocking & Isolation rules are overridden by Permission Rules.

Questions 7

An administrator has configured a permission rule with the following options selected:

Application at path: C:\Program Files\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path?

Options:

A. All executable files in the "Program Files" folder and subfolders will be ignored, including malware files.

B. No files will be ignored from the "Program Files" directory, but malware in the "Program Files" directory will continue to be blocked.

C. Executable files in the "Program Files" folder will be blocked.

D. Only executable files in the "Program Files" folder will be ignored, including malware files.

Questions 8

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

Options:

A. Click Enforce > Add application path name

B. Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application

C. Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation

D. Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

Questions 9

A security administrator is tasked to enable Live Response on all endpoints in a specific policy.

What is the correct path to configure the required sensor policy setting?

Options:

A. Enforce > Policy > Policies > Sensor

B. Policies > Policy > Sensor > Enforce

C. Policies > Enforce > Policy > Sensor

D. Enforce > Policies > Policy > Sensor

Questions 10

What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

Options:

A. Priority 1: Ignore, Priority 11: Unknown

B. Priority 1: Unknown, Priority 11: Ignore

C. Priority 1: Known Malware, Priority 11: Common White

D. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White

Questions 11

An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.

Which feature should the administrator leverage for this purpose?

Options:

A. Set up a notification based on a policy action, and then select Terminate.

B. Utilize the Test rule link from within the rule.

C. Configure the rule to terminate the process.

D. Configure the rule to deny operation of the process.

Questions 12

A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.

What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

Options:

A. Perform a custom search on the Endpoint Page.

B. Access the Audit Log content to see associated events.

C. Search for specific malware by hash or filename.

D. Enable cloud analysis.

Questions 13

An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.

Which advanced search will yield these results?

Options:

A. process_name:svchost.exe EXCLUDE process_name:C\:\\Windows\\System32

B. process_name:svchost.exe AND NOT process_name:C:\Windows\System32

C. process_name:svchost.exe AND NOT process_name:C\:\\Windows\\System32

D. process_name:svchost.exe EXCLUDE process_name:C:\Windows\System32

Questions 14

An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.

What is the most effective way to meet this goal?

Options:

A. Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.

B. Turn on the performs ransomware-like behavior rule in the policies.

C. Recognize that analytics will automatically block the attacks that may occur.

D. Start in the monitored policy until it is clear that no attacks are happening.

Questions 15

An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:

Blocking and Isolation Rule

Application on the company banned list > Runs or is running > Deny

Known malware > Runs or is running > Deny

Suspect malware > Runs or is running > Terminate

Permissions Rule

C:\Program Files\IT\Tools\* > Performs any operation > Bypass

Which action, if any, should an administrator take to ensure application.exe cannot run?

Options:

A. Change the reputation to KNOWN MALWARE to a higher priority.

B. No action needs to be taken as the file will be blocked based on reputation alone.

C. Remove the Permissions rule for C:\Program Files\IT\Tools\.

D. Add the hash to the company banned list at a higher priority.

Questions 16

What is a capability of VMware Carbon Black Cloud?

Options:

A. Continuous and decentralized recording

B. Attack chain visualization and search

C. Real-time view of attackers

D. Automation via closed SOAP APIs

Questions 17

A recent application has been blocked using hash ban, which is an indicator that some users attempted an unexpected activity. Even though the activity was blocked, the security administrator wants to further investigate the attempt in VMware Carbon Black Cloud Endpoint Standard.

Which page should the administrator navigate to for a graphical view of the event?

Options:

A. Audit Log

B. Watchlists

C. Process Analysis

D. Alert Triage

Questions 18

An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.

Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

Options:

A. Delay execute for cloud scan

B. Allow user to disable protection

C. Submit unknown binaries for analysis

D. Expedited background scan

E. Scan execute on network drives

F. Require code to uninstall sensor

Exam Code: 5V0-93.22
Exam Name: VMware Carbon Black Cloud Endpoint Standard Skills
Last Update: Dec 20, 2024
Questions: 60
