ExamGecko
Search Search Login
Home Home / VMware / 5V0-93.22

VMware 5V0-93.22 Practice Test - Questions Answers, Page 2

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry. Which components can be checked to further inspect the cause of the alert?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
Is it possible to search for unsigned files in the console?
An administrator has determined that the following rule was the cause for an unexpected block: [Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE. Which reputation was used by the sensor for the decision to terminate the process?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search. What is an example of a leading wildcard?
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes. Which rule should be used?
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console. Which two different methods may be used for this purpose? (Choose two.)
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

Question 11

Report
Export
Collapse

Which statement is true regarding Blocking/Isolation rules and Permission rules?

A.
Blocking & Isolation rules are overridden by Upload Rules.
A.
Blocking & Isolation rules are overridden by Upload Rules.
Answers
B.
Permission Rules are overridden by Blocking & Isolation rules
B.
Permission Rules are overridden by Blocking & Isolation rules
Answers
C.
Upload Rules are overridden by Blocking & Isolation rules.
C.
Upload Rules are overridden by Blocking & Isolation rules.
Answers
D.
Blocking & Isolation rules are overridden by Permission Rules
D.
Blocking & Isolation rules are overridden by Permission Rules
Answers
Suggested answer: B

Question 12

Report
Export
Collapse

The VMware Carbon Black Cloud Sensor is not able to establish connectivity to the VMware Carbon Black Cloud Content Management URL over the standard SSL port TCP/443.

Which port, if any, will be the tailback?

A.
TCP/54443
A.
TCP/54443
Answers
B.
TCP/80
B.
TCP/80
Answers
C.
TCP/8443
C.
TCP/8443
Answers
D.
It will not fallback and fail.
D.
It will not fallback and fail.
Answers
Suggested answer: C

Question 13

Report
Export
Collapse

An administrator has been tasked with preventing the use of unauthorized USB storage devices from being used in the environment.

Which item needs to be enabled in order to enforce this requirement?

A.
Enable the Block access to all unapproved USB devices within the policies option.
A.
Enable the Block access to all unapproved USB devices within the policies option.
Answers
B.
Choose to disable USB device access on each endpoint from the Inventory page.
B.
Choose to disable USB device access on each endpoint from the Inventory page.
Answers
C.
Select the option to block USB devices from the Reputation page.
C.
Select the option to block USB devices from the Reputation page.
Answers
D.
Elect to approve only allowed USB devices from the USB Devices page.
D.
Elect to approve only allowed USB devices from the USB Devices page.
Answers
Suggested answer: A

Question 14

Report
Export
Collapse

An administrator needs to create a search, but it must exclude 'system.exe'.

How should this task be completed?

A.
#process_name:system.exe
A.
#process_name:system.exe
Answers
B.
*process_name:system.exe
B.
*process_name:system.exe
Answers
C.
-process_name:system.exe
C.
-process_name:system.exe
Answers
Suggested answer: C

Question 15

Report
Export
Collapse

An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud.

Which three IDs may be used for this purpose? (Choose three.)

A.
Threat
A.
Threat
Answers
B.
Hash
B.
Hash
Answers
C.
Sensor
C.
Sensor
Answers
D.
Event
D.
Event
Answers
E.
User
E.
User
Answers
F.
Alert
F.
Alert
Answers
Suggested answer: B, D, F

Question 16

Report
Export
Collapse

Which VMware Carbon Black Cloud integration is supported for SIEM?

A.
SolarWinds
A.
SolarWinds
Answers
B.
LogRhythm
B.
LogRhythm
Answers
C.
Splunk App
C.
Splunk App
Answers
D.
Datadog
D.
Datadog
Answers
Suggested answer: C

Question 17

Report
Export
Collapse

What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?

A.
TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
A.
TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
Answers
B.
TCP/80 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
B.
TCP/80 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
Answers
C.
TCP/443 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
C.
TCP/443 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
Answers
D.
TCP/80 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
D.
TCP/80 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
Answers
Suggested answer: A

Question 18

Report
Export
Collapse

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

A.
Click Enforce > Add application path name
A.
Click Enforce > Add application path name
Answers
B.
Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application
B.
Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application
Answers
C.
Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation
C.
Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation
Answers
D.
Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application
D.
Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application
Answers
Suggested answer: D

Question 19

Report
Export
Collapse

An administrator is investigating an alert and reads a summary that says:

The application powershell.exe was leveraged to make a potentially malicious network connection.

Which action should the administrator take immediately to block that connection?

A.
Click Delete Application
A.
Click Delete Application
Answers
B.
Click Quarantine Asset
B.
Click Quarantine Asset
Answers
C.
Click Export Alert
C.
Click Export Alert
Answers
D.
Click Drop Connection
D.
Click Drop Connection
Answers
Suggested answer: D

Question 20

Report
Export
Collapse

Which command is used to immediately terminate a current Live Response session?

A.
kill
A.
kill
Answers
B.
detach -q
B.
detach -q
Answers
C.
delete
C.
delete
Answers
D.
execfg
D.
execfg
Answers
Suggested answer: B
Total 60 questions
Go to page: of 6
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms