ExamGecko
Search Search Login
Home Home / VMware / 5V0-93.22
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
An administrator has determined that the following rule was the cause for an unexpected block: [Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE. Which reputation was used by the sensor for the decision to terminate the process?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry. Which components can be checked to further inspect the cause of the alert?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search. What is an example of a leading wildcard?
Is it possible to search for unsigned files in the console?
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console. Which two different methods may be used for this purpose? (Choose two.)
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?
An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet. Which rule should be used?

Question 35 - 5V0-93.22 discussion

Report
Export

A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.

Which components can be checked to further inspect the cause of the alert?

A.
Command lines. Device ID, and priority score
Answers
A.
Command lines. Device ID, and priority score
B.
Event details, command lines, and TTPs involved
Answers
B.
Event details, command lines, and TTPs involved
C.
TTPs involved, network connections, and child path
Answers
C.
TTPs involved, network connections, and child path
D.
Priority score, file reputation, and timestamp
Answers
D.
Priority score, file reputation, and timestamp
Suggested answer: B
Show Answer
asked 16/09/2024
Jason Hicks
44 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms