ExamGecko
Search Search Login
Home Home / VMware / 5V0-93.22
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?
An administrator has determined that the following rule was the cause for an unexpected block: [Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE. Which reputation was used by the sensor for the decision to terminate the process?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry. Which components can be checked to further inspect the cause of the alert?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search. What is an example of a leading wildcard?
Is it possible to search for unsigned files in the console?
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console. Which two different methods may be used for this purpose? (Choose two.)
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?
An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet. Which rule should be used?

Question 4 - 5V0-93.22 discussion

Report
Export

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

A.
[Unknown application] [Retrieves credentials] [Terminate process]
Answers
A.
[Unknown application] [Retrieves credentials] [Terminate process]
B.
[**/*.exe] [Scrapes memory of another process] [Terminate process]
Answers
B.
[**/*.exe] [Scrapes memory of another process] [Terminate process]
C.
[**\lsass.exe] [Scrapes memory of another process] [Deny operation]
Answers
C.
[**\lsass.exe] [Scrapes memory of another process] [Deny operation]
D.
[Not listed application] [Scrapes memory of another process] [Terminate process]
Answers
D.
[Not listed application] [Scrapes memory of another process] [Terminate process]
Suggested answer: D
Show Answer
asked 16/09/2024
Craig Reid
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms