
VMware 5V0-93.22 Practice Test - Questions Answers, Page 5

An administrator needs to fully analyze the relevant information of an event stored in the VMware Carbon Black Cloud.

On which page can this information be found?

A. Enforce
B. Investigate
C. Live Query
D. Inventory
Suggested answer: B

A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.

Which action should be taken to prevent the file from executing?

A. Add the hash to the MALWARE list.
B. Use Live Response to kill the process.
C. Use Live Response to delete the file.
D. Add the hash to the company banned list.
Suggested answer: D

An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.

Which two different methods may be used for this purpose? (Choose two.)

A. MD5 Hash
B. Signing Certificate
C. Application Path
D. Application Name
E. IT Tool
Suggested answer: A, B

An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.

Which operation attempt has this requirement?

A. Performs ransomware-like behavior
B. Runs or is running
C. Scrapes memory of another process
D. Invokes a command interpreter
Suggested answer: A

An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.

Which advanced search will yield these results?

A. process_name:svchost.exe EXCLUDE process_name:C\:\\Windows\\System32
B. process_name:svchost.exe AND NOT process_name:C:\Windows\System32
C. process_name:svchost.exe AND NOT process_name:C\:\\Windows\\System32
D. process_name:svchost.exe EXCLUDE process_name:C:\Windows\System32
Suggested answer: C

An administrator has dismissed a group of alerts and ticked the box for 'Dismiss future instances of this alert on all devices in all policies'. There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

A. The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.
B. The alert will show when the Dismissed filter is selected on the Alerts page, but a Notification email will not be sent.
C. The alert will show when the Not Dismissed filter is selected on the Alerts page, and a Notification email will be sent.
D. The alert will show when the Not Dismissed filter is selected on the Alerts page, but a Notification email will not be sent.
Suggested answer: B

An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.

Which rule should be used?

A. [Adware or PUP] [Scrapes memory of another process] [Deny operation]
B. [Not listed application] [Performs ransomware-like behavior] [Terminate process]
C. [Unknown malware] [Runs or is running] [Terminate process]
D. [Not listed application] [Runs or is running] [Terminate process]
Suggested answer: B

An administrator is reviewing how event data is categorized and identified in VMware Carbon Black Cloud.

Which method is used?

A. By Unique Process ID
B. By Process Name
C. By Unique Event ID
D. By Event Name
Suggested answer: C

Which scenario would qualify for the 'Local White' Reputation?

A. The file was added as an IT tool.
B. The file was signed using a trusted certificate.
C. The hash was not on any known good or known bad lists, AND the file is signed.
D. The hash was previously analyzed, AND it is not on any known good or bad lists.
Suggested answer: A

An organization is seeing a new malicious process that has not been seen before.

Which tool can be used to block this process?

A. Policy rules
B. Malware Removal
C. Certificate banned list
D. Live Response
Suggested answer: A
Total 60 questions