ExamGecko
Search Search Login
Home Home / VMware / 5V0-93.22

VMware 5V0-93.22 Practice Test - Questions Answers

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry. Which components can be checked to further inspect the cause of the alert?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
An administrator has determined that the following rule was the cause for an unexpected block: [Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE. Which reputation was used by the sensor for the decision to terminate the process?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search. What is an example of a leading wildcard?
Is it possible to search for unsigned files in the console?
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes. Which rule should be used?
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console. Which two different methods may be used for this purpose? (Choose two.)
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

Question 1

Report
Export
Collapse

Which permission level is required when a user wants to install a sensor on a Windows endpoint?

A.
Everyone
A.
Everyone
Answers
B.
Administrator
B.
Administrator
Answers
C.
Root
C.
Root
Answers
D.
User
D.
User
Answers
Suggested answer: B

Question 2

Report
Export
Collapse

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Users\*\Downloads\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path for this rule?

A.
Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
A.
Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
Answers
B.
No files will be ignored from the downloads directory.
B.
No files will be ignored from the downloads directory.
Answers
C.
Any executable in the downloads directory for any user on the system will be bypassed for inspection.
C.
Any executable in the downloads directory for any user on the system will be bypassed for inspection.
Answers
D.
Any executable in the downloads directory will be prevented from executing.
D.
Any executable in the downloads directory will be prevented from executing.
Answers
Suggested answer: C

Question 3

Report
Export
Collapse

Which VMware Carbon Black Cloud process is responsible for uploading event reporting to VMware Carbon Black Cloud?

A.
Sensor Service (RepUx
A.
Sensor Service (RepUx
Answers
B.
Scanner Service (scanhost)
B.
Scanner Service (scanhost)
Answers
C.
Scanner Service (Re
C.
Scanner Service (Re
Answers
D.
Sensor Service (RepMqr
D.
Sensor Service (RepMqr
Answers
Suggested answer: D

Question 4

Report
Export
Collapse

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

A.
[Unknown application] [Retrieves credentials] [Terminate process]
A.
[Unknown application] [Retrieves credentials] [Terminate process]
Answers
B.
[**/*.exe] [Scrapes memory of another process] [Terminate process]
B.
[**/*.exe] [Scrapes memory of another process] [Terminate process]
Answers
C.
[**\lsass.exe] [Scrapes memory of another process] [Deny operation]
C.
[**\lsass.exe] [Scrapes memory of another process] [Deny operation]
Answers
D.
[Not listed application] [Scrapes memory of another process] [Terminate process]
D.
[Not listed application] [Scrapes memory of another process] [Terminate process]
Answers
Suggested answer: D

Question 5

Report
Export
Collapse

An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet.

Which rule should be used?

A.
**\Microsoft Office\** [Runs external code] [Terminate process]
A.
**\Microsoft Office\** [Runs external code] [Terminate process]
Answers
B.
**\excel.exe [Invokes a command interpreter] [Deny operation]
B.
**\excel.exe [Invokes a command interpreter] [Deny operation]
Answers
C.
**/Microsoft Excel.app/** [Communicates over the network] [Terminate process]
C.
**/Microsoft Excel.app/** [Communicates over the network] [Terminate process]
Answers
D.
**\excel.exe [Runs malware] [Deny operation]
D.
**\excel.exe [Runs malware] [Deny operation]
Answers
Suggested answer: B

Question 6

Report
Export
Collapse

An administrator has determined that the following rule was the cause for an unexpected block:

[Suspected malware] [Invokes a command interpreter] [Terminate process]

All reputations for the process which was blocked show SUSPECT_MALWARE.

Which reputation was used by the sensor for the decision to terminate the process?

A.
Initial Cloud reputation
A.
Initial Cloud reputation
Answers
B.
Actioned reputation
B.
Actioned reputation
Answers
C.
Current Cloud reputation
C.
Current Cloud reputation
Answers
D.
Effective reputation
D.
Effective reputation
Answers
Suggested answer: D

Question 7

Report
Export
Collapse

What is a capability of VMware Carbon Black Cloud?

A.
Continuous and decentralized recording
A.
Continuous and decentralized recording
Answers
B.
Attack chain visualization and search
B.
Attack chain visualization and search
Answers
C.
Real-time view of attackers
C.
Real-time view of attackers
Answers
D.
Automation via closed SOAP APIs
D.
Automation via closed SOAP APIs
Answers
Suggested answer: B

Question 8

Report
Export
Collapse

A security administrator needs to remediate a security vulnerability that may affect the sensors. The administrator decides to use a tool that can provide interaction and remote access for further investigation.

Which tool is being used by the administrator?

A.
CBLauncher
A.
CBLauncher
Answers
B.
Live Response
B.
Live Response
Answers
C.
PowerCLI
C.
PowerCLI
Answers
D.
IRepCLI
D.
IRepCLI
Answers
Suggested answer: B

Question 9

Report
Export
Collapse

A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.

What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

A.
Perform a custom search on the Endpoint Page.
A.
Perform a custom search on the Endpoint Page.
Answers
B.
Access the Audit Log content to see associated events.
B.
Access the Audit Log content to see associated events.
Answers
C.
Search for specific malware by hash or filename.
C.
Search for specific malware by hash or filename.
Answers
D.
Enable cloud analysis.
D.
Enable cloud analysis.
Answers
Suggested answer: A

Question 10

Report
Export
Collapse

A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.

What is the threshold, in days, before a machine shows as inactive?

A.
7 days
A.
7 days
Answers
B.
90 days
B.
90 days
Answers
C.
60 days
C.
60 days
Answers
D.
30 days
D.
30 days
Answers
Suggested answer: D
Total 60 questions
Go to page: of 6
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms