VMware 5V0-91.20 시험

Question No : 1

An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

• A.Add the application to the Approved List.
• B.Terminate the process.
• C.Deny the operation.
• D.Quarantine the device.

답을 확인하기

정답:

Question No : 2

When executing a program in App Control, the notification message informs the user that the file is not approved with an option to request approval.
Which Enforcement level is currently enacted?

• A.High
• B.Low
• C.Medium
• D.Default

답을 확인하기

정답:

Question No : 3

Refer to the exhibit:



Which two logic statements correctly explain filtering within the UI? (Choose two.)

• A.Filtering between fields is a logical OR
• B.Filtering within the same field is a logical AND
• C.Filtering between fields is a logical AND
• D.Filtering between fields is a logical XOR
• E.Filtering within the same field is a logical OR

답을 확인하기

정답:

Question No : 4

What is the maximum number of binaries (hashes) that can be banned using the web console?

• A.500
• B.600
• C.300
• D.400

답을 확인하기

정답:

Question No : 5

A Carbon Black administrator received an alert for an untrusted hash executing in the environment.
Which two information items are found in the alert pane? (Choose two.)

• A.Launch Live Query
• B.Launch process analysis
• C.User quarantine
• D.Add hash to banned list
• E.IOC short name

답을 확인하기

정답:

Question No : 6

An administrator wants to find instances where the binary Is unsigned.
Which term will accomplish this search?

• A.NOT process_publisher:FILE_SIGNATURE_STATE_SIGNED
• B.NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
• C.process_publisher_state:FILE_SIGNATURE_STATE_NOT_SIGNED
• D.process_publisher:FILE_SIGNATURE_STATE_NOT_SIGNED

답을 확인하기

정답:

Question No : 7

An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.
What is known about the alert based on this TTP even if other parts of the alert are unknown?

• A.A process attempted to delete encrypted data on the disk.
• B.A process attempted to write a file to the disk.
• C.A process attempted to modify a monitored file written by the sensor.
• D.A process attempted to transfer encrypted data on the disk over the network.

답을 확인하기

정답:

Question No : 8

An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool.
Which other trust mechanism could the organization configure for large-scale approval of these files?

• A.Windows Update
• B.Trusted Distributor
• C.Local Approval Mode
• D.Rapid Config

답을 확인하기

정답:
Explanation:
Reference: https://uit.stanford.edu/service/cbprotect/approval-mechanisms

Question No : 9

Which statement is true when searching through the EDR server UI?

• A.The backslash \ is the character to escape characters.
• B.Whitespaces between search terms imply the OR operator.
• C.The percent symbol % is the character to represent a wildcard.
• D.The exclamation point ! is the character to represent negation.

답을 확인하기

정답:

Question No : 10

What is the meaning, if any, of the event Report write (removable media)?

• A.This event would never occur. App Control does not report activity on removable media.
• B.A Policy’s device control setting ‘Block writes to unapproved removable media’ is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.
• C.A Policy’s device control setting ‘Block writes to unapproved removable media’ is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.
• D.A Policy’s device control setting ‘Block writes to unapproved removable media’ is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.

답을 확인하기

정답:

Question No : 11

A process wrote an executable file as detailed in the following event:



Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?

• A.Trusted Path
• B.File Creation Control
• C.Advances (Write-Ignore)
• D.Trusted Publisher

답을 확인하기

정답:

Question No : 12

An Endpoint Standard analyst runs the query in the graphic below:



Which three statements are true from the results shown? (Choose three.)

• A.The process is a PowerShell process running a script with a .ps1 extension.
• B.The process has a threat score greater than 4.
• C.The process made a network connection to another system.
• D.The process had a NOT_LISTED reputation at the time the event occurred.
• E.The process was run under the NT_AUTHORITY\SYSTEM user context.
• F.The process was able to inject code into another process.

답을 확인하기

정답:

Question No : 13

CORRECT TEXT
Why would a sensor have a status of "Inactive"?

• A.The sensor has not checked in within the last 30 days.
• B.The sensor has been uninstalled from the endpoint for more than 30 days.
• C.The device has been put in bypass for the last 30 days.
• D.The sensor has been in disabled mode for more than 30 days.

답을 확인하기

정답:

Question No : 14

A process has created a number of interesting (executable) files in one sequence.
In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?

• A.File Upload Completed
• B.New File Discovered on Startup
• C.File Group Created
• D.File Properties Modified

답을 확인하기

정답:

Question No : 15

An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?

• A.Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
• B.From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to “Mark all as Resolved False Positive”, and then update the watchlist with the correct criteria.
• C.Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the “Dismiss Alert(s)” button for each page, and then update the watchlist with the correct criteria.
• D.From the Watchlists Page, select the offending watchlist, click “Clear Alerts” from the Action menu, and then update the watchlist with the correct criteria.

답을 확인하기

정답: