ExamGecko

VMware 5V0-93.22 Practice Test - Questions Answers, Page 3

A user downloaded and executed malware on a system. The malware is actively exfiltrating data.

Which immediate action is recommended to prevent further exfiltration?

A. Check Security Advisories and Threat Research contents.
B. Place the device in quarantine.
C. Run a background scan.
D. Request upload of the file for analysis.
Suggested answer: B

What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

A. Priority 1: Ignore, Priority 11: Unknown
B. Priority 1: Unknown, Priority 11: Ignore
C. Priority 1: Known Malware, Priority 11: Common White
D. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White
Suggested answer: A

An administrator wants to find information about real-world prevention rules that can be used in VMware Carbon Black Cloud Endpoint Standard.

How can the administrator obtain this information?

A. Refer to an external report from other security vendors to obtain solutions.
B. Refer to the TAU-TIN's on the VMware Carbon Black community page.
C. Refer to the VMware Carbon Black Cloud sensor install guide.
D. Refer to VMware Carbon Black Cloud user guide.
Suggested answer: B

Is it possible to search for unsigned files in the console?

A. Yes, by using the search: NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
B. No, it is not possible to return a query for unsigned files.
C. Yes, by using the search: process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED
D. Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.
Suggested answer: C

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Program Files\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the application at path field?

A. Executable files in the 'Program Files' directory and subdirectories will be ignored.
B. Executable files in the 'Program Files' directory will be blocked.
C. Executable files in the 'Program Files' directory will be logged.
D. Executable files in the 'Program Files' directory will be subject to blocking rules.
Suggested answer: A

A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

A. Endpoints
B. Settings
C. Investigate
D. Alerts
Suggested answer: C

An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.

How can this information be obtained?

A. Search the data using the test rule functionality.
B. Examine log files to see what would be impacted.
C. Put the rules in and see what happens to the endpoints.
D. Determine what would happen based on previously used antivirus software.
Suggested answer: A

An administrator has just placed an endpoint into bypass.

What type of protection, if any, will VMware Carbon Black provide this device?

A. VMware Carbon Black will be uninstalled from the endpoint.
B. VMware Carbon Black will place the machine in quarantine.
C. VMware Carbon Black will not provide any protection to the endpoint.
D. VMware Carbon Black will apply policy rules.
Suggested answer: C

A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.

Where can the administrator view this information in the console?

A. Users
B. Audit Log
C. Notifications
D. Inbox
Suggested answer: B

Which statement accurately characterizes Alerts that are categorized as a 'Threat' versus those categorized as 'Observed'?

A. 'Threat' indicates an ongoing attack. 'Observed' indicates the attack is over and is being watched.
B. 'Threat' indicates a more likely malicious event. 'Observed' are less likely to be malicious.
C. 'Threat' indicates a block (Deny or Terminate) has occurred. 'Observed' indicates that there is no block.
D. 'Threat' indicates that no block (Deny or Terminate) has occurred. 'Observed' indicates a block.
Suggested answer: B
Total 60 questions