5V0-91.20 by VMware Actual Free Exam Questions And Answers

Question 1

An analyst has investigated multiple alerts on a number of HR workstations and found that java.exe is attempting to PowerShell. Of the Windows workstations in question, the analyst has also found that Java is installed in multiple locations. The analyst needs to block java.exe from this type of operation.
Which rule meets this need?

A. **\java.exe -> Invokes a command interpreter -> Deny operation

B. **\Program Files\*\java.exe -> Invokes a command interpreter -> Terminate process

C. **/java.exe -> Invokes an untrusted process -> Terminate process

D. **/Program Files/*/java.exe-> Invokes an untrusted process -> Deny operation

Discussion 0

Correct Answer: B Vote an answer

Question 2

Which Live Query statement is properly constructed?

A. SELECT * FROM 'users'

B. select from users;

C. SELECT * FROM users;

D. select * from *:

Discussion 0

Correct Answer: C Vote an answer

Question 3

There is a need to ignore all activity at an application path.
Which rule definition should be used to address this need?

A. Application at Path, Runs or is Running, Bypass

B. Application at Path, Runs or is Running, Allow & Log

C. Application at Path, Performs any operation, Allow & Log

D. Application at Path, Performs any operation, Bypass

Discussion 0

Correct Answer: D Vote an answer

Question 4

What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)

A. Manual policy assignment

B. By Active Directory Mapping

C. By pushing the designated GPO script

D. By installing the agent via SCCM

E. Via DASCLI command

F. By branded/policy-specific installer

Discussion 0

Correct Answer: A,B,D Vote an answer

Question 5

An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)

A. Dismiss

B. Notifications history

C. Edit watchlist

D. Dismiss on all devices if grouping is enabled

E. Save report

F. Ignore alert

Discussion 0

Correct Answer: A,D,E Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?

A. 1 day

B. 30 days

C. 3-5 days

D. 180 days

Discussion 0

Correct Answer: B Vote an answer

Question 7

An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.
What is known about the alert based on this TTP even if other parts of the alert are unknown?

A. A process attempted to modify a monitored file written by the sensor.

B. A process attempted to transfer encrypted data on the disk over the network.

C. A process attempted to delete encrypted data on the disk.

D. A process attempted to write a file to the disk.

Discussion 0

Correct Answer: D Vote an answer

Question 8

Which enforcement level does not block unapproved files but will block files that have been specifically banned?

A. Medium Enforcement

B. Disabled

C. Visibility

D. Low Enforcement
The protection level applied to computers running the App Control
Agent. A range of levels from High (Block Unapproved) to None
(Disabled) enable you to specify the level of file blocking required.

Discussion 0

Correct Answer: B Vote an answer

VMware Carbon Black Portfolio Skills - 5V0-91.20 Exam Practice Test

Contact Us

Useful Links

Latest Updated