Download VMware.5V0-91.20.VCEplus.2021-03-05.56q.vcex

File Info

Exam VMware Carbon Black Portfolio Skills
Number 5V0-91.20
File Name VMware.5V0-91.20.VCEplus.2021-03-05.56q.vcex
Size 1 MB
Posted Mar 05, 2021
Demo Questions

Question 1

An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following: 
   
  
What is the status of the WINDOWS-CLIENT agent?


  1. Connected and Up to date
  2. Disconnected and Up to date
  3. Connected but unsupported
  4. Connected but health check failed
Correct answer: B



Question 2

There is a need to ignore all activity at an application path. Which rule definition should be used to address this need?


  1. Application at Path, Performs any operation, Bypass
  2. Application at Path, Runs or is Running, Bypass
  3. Application at Path, Runs or is Running, Allow & Log
  4. Application at Path, Performs any operation, Allow & Log
Correct answer: A
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Console-How-to-Set-up-Exclusions-in-the/ta-p/42334



Question 3

An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.  
Which three actions are available to take on the alert? (Choose three.)


  1. Ignore alert
  2. Dismiss
  3. Dismiss on all devices if grouping is enabled 
  4. Edit watchlist
  5. Save report
  6. Notifications history
Correct answer: BCE
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Dismiss-Alerts/ta-p/51766



Question 4

An administrator needs to manage a group of sensors from within the console.  
Which three actions are available for sensors within the Sensor Group? (Choose three.)


  1. Move to group
  2. Disable
  3. Restart
  4. Ban
  5. Uninstall
  6. Share Settings
Correct answer: ACE
Explanation:
Reference: https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/3020/1/CB_EDR_7.3_User_Guide.pdf (86)



Question 5

An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.  
Which rule will kill notepad.exe entirely if this activity is detected in the future?


  1. **\system32\notepad.exe --> Communicates over the network --> Terminate process
  2. **\system32\notepad.exe --> Runs or is Running --> Deny operation
  3. **/system32/notepad.exe --> Runs or is Running --> Terminate process
  4. **/system32/notepad.exe --> Communicates over the network --> Deny operation
Correct answer: C
Explanation:
Reference: https://www.carbonblack.com/blog/cb-threatsightinvestigation-reveals-retadup-worm-leverages-autoit-launch-monero-cryptomining-campaign/



Question 6

A Carbon Black administrator received an alert for an untrusted hash executing in the environment.  
Which two information items are found in the alert pane? (Choose two.)


  1. Launch Live Query
  2. Launch process analysis
  3. User quarantine
  4. Add hash to banned list 
  5. IOC short name
Correct answer: AB



Question 7

An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections: 
   
  
Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.  
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?


  1. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
  2. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
  3. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
  4. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.
Correct answer: C



Question 8

In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)


  1. From the Computer Details page on the web console
  2. From the Files on Computers page on the web console
  3. Run authenticated DasCLI on Windows command prompt
  4. Run RepCLI on Windows command prompt
  5. From the File Catalog page on the web console
Correct answer: AC
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-to-Disable-Enable-Tamper-Protection/ta-p/37220



Question 9

Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?


  1. Quarantined
  2. Deregistered
  3. Inactive
  4. Bypass
Correct answer: D
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-What-Happens-When-Bypass-has-been-Enabled-on-the/ta-p/74905



Question 10

An Enterprise EDR administrator has created a custom Watchlist and wants to add a custom query to a report in the custom Watchlist.  
From which page can the administrator add this custom query?


  1. Policies
  2. Watchlists
  3. Investigate
  4. Cloud Analysis
Correct answer: C
Explanation:
Reference: https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/1913/18/Enterprise%20EDR%20Getting%20Started.pdf








