VMware 5V0-93.22 Practice Test - Questions Answers, Page 5

A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.

Which action should be taken to prevent the file from executing?

An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.

Which two different methods may be used for this purpose? (Choose two.)

An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.

Which operation attempt has this requirement?

An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.

Which advanced search will yield these results?

An administrator has dismissed a group of alerts and ticked the box for 'Dismiss future instances of this alert on all devices in all policies'. There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.

Which rule should be used?

An administrator is reviewing how event data is categorized and identified in VMware Carbon Black Cloud.

Which method is used?

Which scenario would qualify for the 'Local White' Reputation?

An organization is seeing a new malicious process that has not been seen before.

Which tool can be used to block this process?