3 Months Free Update
3 Months Free Update
3 Months Free Update
Which statement is true regarding Blocking/Isolation rules and Permission rules?
The administrator has configured a permission rule with the following options selected:
Application at path: C:\Users\*\Downloads\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path for this rule?
An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.
Which feature should the administrator leverage for this purpose?
Which port does the VMware Carbon Black sensor use to communicate to VMware Carbon Black Cloud?
A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.
Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?
Which permission level is required when a user wants to install a sensor on a Windows endpoint?
A user downloaded and executed malware on a system. The malware is actively exfiltrating data.
Which immediate action is recommended to prevent further exfiltration?
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?
An organization has the following requirements for allowing application.exe:
Must not work for any user's D:\ drive
Must allow running only from inside of the user's Temp\Allowed directory
Must not allow running from anywhere outside of Temp\Allowed
For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.
Which path meets this criteria using wildcards?
An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.
Which rule should be used?
An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:
Blocking and Isolation Rule
Application on the company banned list > Runs or is running > Deny
Known malware > Runs or is running > Deny
Suspect malware > Runs or is running > Terminate
Permissions Rule
C:\Program Files\IT\Tools\* > Performs any operation > Bypass
Which action, if any, should an administrator take to ensure application.exe cannot run?
A security administrator is tasked to enable Live Response on all endpoints in a specific policy.
What is the correct path to configure the required sensor policy setting?
Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?