ExamGecko
Login
Home / VMware / 5V0-93.22 / List of questions
Ask Question

VMware 5V0-93.22 Practice Test - Questions Answers

List of questions

Question 1

Report Export Collapse

Which permission level is required when a user wants to install a sensor on a Windows endpoint?

Everyone
Everyone
Administrator
Administrator
Root
Root
User
User
Suggested answer: B
asked 16/09/2024
Pawel Lenart
33 questions

Question 2

Report Export Collapse

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Users\*\Downloads\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path for this rule?

Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
No files will be ignored from the downloads directory.
No files will be ignored from the downloads directory.
Any executable in the downloads directory for any user on the system will be bypassed for inspection.
Any executable in the downloads directory for any user on the system will be bypassed for inspection.
Any executable in the downloads directory will be prevented from executing.
Any executable in the downloads directory will be prevented from executing.
Suggested answer: C
asked 16/09/2024
Aiko Abrassart
33 questions

Question 3

Report Export Collapse

Which VMware Carbon Black Cloud process is responsible for uploading event reporting to VMware Carbon Black Cloud?

Sensor Service (RepUx
Sensor Service (RepUx
Scanner Service (scanhost)
Scanner Service (scanhost)
Scanner Service (Re
Scanner Service (Re
Sensor Service (RepMqr
Sensor Service (RepMqr
Suggested answer: D
asked 16/09/2024
Reed G Porter
28 questions

Question 4

Report Export Collapse

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

[Unknown application] [Retrieves credentials] [Terminate process]
[Unknown application] [Retrieves credentials] [Terminate process]
[**/*.exe] [Scrapes memory of another process] [Terminate process]
[**/*.exe] [Scrapes memory of another process] [Terminate process]
[**\lsass.exe] [Scrapes memory of another process] [Deny operation]
[**\lsass.exe] [Scrapes memory of another process] [Deny operation]
[Not listed application] [Scrapes memory of another process] [Terminate process]
[Not listed application] [Scrapes memory of another process] [Terminate process]
Suggested answer: D
asked 16/09/2024
Craig Reid
36 questions

Question 5

Report Export Collapse

An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet.

Which rule should be used?

**\Microsoft Office\** [Runs external code] [Terminate process]
**\Microsoft Office\** [Runs external code] [Terminate process]
**\excel.exe [Invokes a command interpreter] [Deny operation]
**\excel.exe [Invokes a command interpreter] [Deny operation]
**/Microsoft Excel.app/** [Communicates over the network] [Terminate process]
**/Microsoft Excel.app/** [Communicates over the network] [Terminate process]
**\excel.exe [Runs malware] [Deny operation]
**\excel.exe [Runs malware] [Deny operation]
Suggested answer: B
asked 16/09/2024
Alejandro Ramirez Cuesta
37 questions

Question 6

Report Export Collapse

An administrator has determined that the following rule was the cause for an unexpected block:

[Suspected malware] [Invokes a command interpreter] [Terminate process]

All reputations for the process which was blocked show SUSPECT_MALWARE.

Which reputation was used by the sensor for the decision to terminate the process?

Initial Cloud reputation
Initial Cloud reputation
Actioned reputation
Actioned reputation
Current Cloud reputation
Current Cloud reputation
Effective reputation
Effective reputation
Suggested answer: D
asked 16/09/2024
Antonio Agustin Mirano
34 questions

Question 7

Report Export Collapse

What is a capability of VMware Carbon Black Cloud?

Continuous and decentralized recording
Continuous and decentralized recording
Attack chain visualization and search
Attack chain visualization and search
Real-time view of attackers
Real-time view of attackers
Automation via closed SOAP APIs
Automation via closed SOAP APIs
Suggested answer: B
asked 16/09/2024
frederic Morteau
31 questions

Question 8

Report Export Collapse

A security administrator needs to remediate a security vulnerability that may affect the sensors. The administrator decides to use a tool that can provide interaction and remote access for further investigation.

Which tool is being used by the administrator?

CBLauncher
CBLauncher
Live Response
Live Response
PowerCLI
PowerCLI
IRepCLI
IRepCLI
Suggested answer: B
asked 16/09/2024
vceplus plus
46 questions

Question 9

Report Export Collapse

A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.

What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

Perform a custom search on the Endpoint Page.
Perform a custom search on the Endpoint Page.
Access the Audit Log content to see associated events.
Access the Audit Log content to see associated events.
Search for specific malware by hash or filename.
Search for specific malware by hash or filename.
Enable cloud analysis.
Enable cloud analysis.
Suggested answer: A
asked 16/09/2024
Emily Luijten
46 questions

Question 10

Report Export Collapse

A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.

What is the threshold, in days, before a machine shows as inactive?

7 days
7 days
90 days
90 days
60 days
60 days
30 days
30 days
Suggested answer: D
asked 16/09/2024
Lebogang Aphane
44 questions
Total 60 questions
Go to page: of 6
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
Is it possible to search for unsigned files in the console?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?
An administrator has determined that the following rule was the cause for an unexpected block: [Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE. Which reputation was used by the sensor for the decision to terminate the process?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search. What is an example of a leading wildcard?
An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment. How can this information be obtained?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry. Which components can be checked to further inspect the cause of the alert?
A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution. What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?
An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet. Which rule should be used?
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes. Which rule should be used?