ExamGecko
Search Search Login
Home Home / VMware / 5V0-93.22

VMware 5V0-93.22 Practice Test - Questions Answers, Page 6

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry. Which components can be checked to further inspect the cause of the alert?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
An administrator has determined that the following rule was the cause for an unexpected block: [Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE. Which reputation was used by the sensor for the decision to terminate the process?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search. What is an example of a leading wildcard?
Is it possible to search for unsigned files in the console?
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes. Which rule should be used?
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console. Which two different methods may be used for this purpose? (Choose two.)
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

Question 51

Report
Export
Collapse

An administrator needs to make sure all files are scanned locally upon execution.

Which setting is necessary to complete this task?

A.
On-Access File Scan Mode must be set to Aggressive.
A.
On-Access File Scan Mode must be set to Aggressive.
Answers
B.
Signature Update frequency must be set to 2 hours.
B.
Signature Update frequency must be set to 2 hours.
Answers
C.
Allow Signature Updates must be enabled.
C.
Allow Signature Updates must be enabled.
Answers
D.
Run Background Scan must be set to Expedited.
D.
Run Background Scan must be set to Expedited.
Answers
Suggested answer: A

Question 52

Report
Export
Collapse

An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:

Blocking and Isolation Rule

Permissions Rule

Which action, if any, should an administrator take to ensure application.exe cannot run?

A.
Change the reputation to KNOWN MALWARE to a higher priority.
A.
Change the reputation to KNOWN MALWARE to a higher priority.
Answers
B.
No action needs to be taken as the file will be blocked based on reputation alone.
B.
No action needs to be taken as the file will be blocked based on reputation alone.
Answers
C.
Remove the Permissions rule for C:\Program FilesMTVToolsV.
C.
Remove the Permissions rule for C:\Program FilesMTVToolsV.
Answers
D.
Add the hash to the company banned list at a higher priority.
D.
Add the hash to the company banned list at a higher priority.
Answers
Suggested answer: C

Question 53

Report
Export
Collapse

An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.

Which method of reputation override must the administrator use?

A.
Signing Certificate
A.
Signing Certificate
Answers
B.
Hash
B.
Hash
Answers
C.
Local Approved
C.
Local Approved
Answers
D.
IT Tool
D.
IT Tool
Answers
Suggested answer: A

Question 54

Report
Export
Collapse

An administrator has configured a permission rule with the following options selected:

Application at path: C:\Program Files\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path?

A.
All executable files in the 'Program Files' folder and subfolders will be ignored, including malware files.
A.
All executable files in the 'Program Files' folder and subfolders will be ignored, including malware files.
Answers
B.
No Files will be ignored from the 'Program Files' director/, but Malware in the 'Program Files' directory will continue to be blocked.
B.
No Files will be ignored from the 'Program Files' director/, but Malware in the 'Program Files' directory will continue to be blocked.
Answers
C.
Executable files in the 'Program Files' folder will be blocked.
C.
Executable files in the 'Program Files' folder will be blocked.
Answers
D.
Only executable files in the 'Program Files' folder will be ignored, including malware files.
D.
Only executable files in the 'Program Files' folder will be ignored, including malware files.
Answers
Suggested answer: A

Question 55

Report
Export
Collapse

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

A.
A flexible query scheduler that can be used to gather information about the environment
A.
A flexible query scheduler that can be used to gather information about the environment
Answers
B.
Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems
B.
Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems
Answers
C.
Customizable threat feeds that plug into a single agent and single console
C.
Customizable threat feeds that plug into a single agent and single console
Answers
D.
Policy rules that can be tested by selecting test rule next to the desired operation attempt
D.
Policy rules that can be tested by selecting test rule next to the desired operation attempt
Answers
Suggested answer: B

Question 56

Report
Export
Collapse

An administrator notices that a sensor's local AV signatures are out-of-date.

What effect does this have on newly discovered files?

A.
The reputation is determined by cloud reputation.
A.
The reputation is determined by cloud reputation.
Answers
B.
The sensor prompts the end user to allow or deny the file.
B.
The sensor prompts the end user to allow or deny the file.
Answers
C.
The sensor automatically blocks the new file.
C.
The sensor automatically blocks the new file.
Answers
D.
The sensor is unable to block a malicious file.
D.
The sensor is unable to block a malicious file.
Answers
Suggested answer: A

Question 57

Report
Export
Collapse

In which tab of the VMware Carbon Black Cloud interface can sensor status details be found?

A.
Enforce > Policies
A.
Enforce > Policies
Answers
B.
Inventory > Sensors
B.
Inventory > Sensors
Answers
C.
Inventory > Endpoints
C.
Inventory > Endpoints
Answers
D.
Inventory > Sensor groups
D.
Inventory > Sensor groups
Answers
Suggested answer: C

Question 58

Report
Export
Collapse

An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.

What is the most effective way to meet this goal?

A.
Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.
A.
Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.
Answers
B.
Turn on the performs ransomware-like behavior rule in the policies.
B.
Turn on the performs ransomware-like behavior rule in the policies.
Answers
C.
Recognize that analytics will automatically block the attacks that may occur.
C.
Recognize that analytics will automatically block the attacks that may occur.
Answers
D.
Start in the monitored policy until it is clear that no attacks are happening.
D.
Start in the monitored policy until it is clear that no attacks are happening.
Answers
Suggested answer: B

Question 59

Report
Export
Collapse

Which port does the VMware Carbon Black sensor use to communicate to VMware Carbon Black Cloud?

A.
443
A.
443
Answers
B.
80
B.
80
Answers
C.
8443
C.
8443
Answers
D.
22
D.
22
Answers
Suggested answer: A

Question 60

Report
Export
Collapse

A security administrator is tasked to enable Live Response on all endpoints in a specific policy.

What is the correct path to configure the required sensor policy setting?

A.
Enforce > Policy > Policies > Sensor
A.
Enforce > Policy > Policies > Sensor
Answers
B.
Policies > Policy > Sensor > Enforce
B.
Policies > Policy > Sensor > Enforce
Answers
C.
Policies > Enforce > Policy > Sensor
C.
Policies > Enforce > Policy > Sensor
Answers
D.
Enforce > Policies > Policy > Sensor
D.
Enforce > Policies > Policy > Sensor
Answers
Suggested answer: A
Total 60 questions
Go to page: of 6
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms