Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home VMware 5V0-91.20

VMware 5V0-91.20 Exam Practice Questions (P. 3)

  • Full Access (56 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
A security policy states to enable Live Response by default across the enterprise. However, the team identified critical systems which should not support Live
Response due to risk. The team needs to disable Live Response on selected systems.
From which page can this goal be accomplished?
  1. A
    Policy
  2. B
    API Access
  3. C
    Endpoints
  4. D
    Roles

Correct Answer:
D

Question #12
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:

Which statement accurately characterizes this situation?
  1. A
    These events are tied to an observed alert within the user interface.
  2. B
    The policy had no blocking and isolation rules set.
  3. C
    The events shown will all have the same event ID, correlating them to the alert.
  4. D
    Each event listed contributed to the overall alert score and severity.

Correct Answer:
D

Question #13
Examine the following EDR query:
file_desc:`Windows Command Processor` AND -process_name:cmd.exe
Which process will show in the query results?
  1. A
    Any process named something other than cmd.exe with the file description of ג€Windows Command Processorג€
  2. B
    Any process with the binary file description ג€Windows Command Processorג€
  3. C
    Any process with the binary file description ג€Windows Command Processorג€ named cmd.exe
  4. D
    Any process named cmd.exe

Correct Answer:
C

Question #14
Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?
  1. A
    Inventorying; enable Discovery mode
  2. B
    Baselining; install the agent
  3. C
    Discovery; place agent into Disabled mode
  4. D
    Initialization; move agent out of Disabled mode

Correct Answer:
A
Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwic3bDN5YLvAhX3QEEAHd2MDIQQFjAAegQIBRAD&url=https
%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F2961%2F1%2FVMware%2520Carbon
%2520Black%2520App%2520Control%25208.5.0%2520User%2520Guide.pdf&usg=AOvVaw3es_0JTc8-_BifNR4iFiGl
(7)

Question #15
This search is entered into the process search page: notepad.exe
Which three statements about this query are true? (Choose three.)
  1. A
    Only processes named notepad.exe will be returned.
  2. B
    Since a field name is not selected, query performance will be impacted.
  3. C
    A field identifier is required for all criteria within a process search.
  4. D
    The search will fail with an error.
  5. E
    All processes containing the text notepad.exe in any default field.
  6. F
    Processes with registry modifications containing notepad.exe would be retuned.

Correct Answer:
BEF

Previous Questions Next Questions

All Pages