Pre-Winter Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

5V0-93.22 PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

5V0-93.22 PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: VMware Carbon Black Cloud Endpoint Standard Skills
  • Last Update: Oct 4, 2024
  • Questions and Answers: 60
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

5V0-93.22 Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

5V0-93.22 Practice Exam Questions with Answers VMware Carbon Black Cloud Endpoint Standard Skills Certification

Question # 6

Which statement is true regarding Blocking/Isolation rules and Permission rules?

A.

Blocking & Isolation rules are overridden by Upload Rules.

B.

Permission Rules are overridden by Blocking & Isolation rules

C.

Upload Rules are overridden by Blocking & Isolation rules.

D.

D.Blocking & Isolation rules are overridden by Permission Rules

Full Access
Question # 7

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Users\*\Downloads\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the path for this rule?

A.

Any executable in the downloads directory for any user on the system will be logged and allowed to execute.

B.

No files will be ignored from the downloads directory.

C.

Any executable in the downloads directory for any user on the system will be bypassed for inspection.

D.

Any executable in the downloads directory will be prevented from executing.

Full Access
Question # 8

An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.

Which feature should the administrator leverage for this purpose?

A.

Setup a notification based on a policy action, and then select Terminate.

B.

Utilize the Test rule link from within the rule.

C.

Configure the rule to terminate the process.

D.

Configure the rule to deny operation of the process.

Full Access
Question # 9

Which port does the VMware Carbon Black sensor use to communicate to VMware Carbon Black Cloud?

A.

443

B.

80

C.

8443

D.

22

Full Access
Question # 10

A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

A.

Endpoints

B.

Settings

C.

Investigate

D.

Alerts

Full Access
Question # 11

Which permission level is required when a user wants to install a sensor on a Windows endpoint?

A.

Everyone

B.

Administrator

C.

Root

D.

User

Full Access
Question # 12

A user downloaded and executed malware on a system. The malware is actively exfiltrating data.

Which immediate action is recommended to prevent further exfiltration?

A.

Check Security Advisories and Threat Research contents.

B.

Place the device in quarantine.

C.

Run a background scan.

D.

Request upload of the file for analysis.

Full Access
Question # 13

An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.

Which method of reputation override must the administrator use?

A.

Signing Certificate

B.

Hash

C.

Local Approved

D.

IT Tool

Full Access
Question # 14

An organization has the following requirements for allowing application.exe:

5V0-93.22 question answerMust not work for any user's D:\ drive

5V0-93.22 question answerMust allow running only from inside of the user's Temp\Allowed directory

5V0-93.22 question answerMust not allow running from anywhere outside of Temp\Allowed

For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.

Which path meets this criteria using wildcards?

A.

C:\Users\?\Temp\Allowed\application.exe

B.

C:\Users\*\Temp\Allowed\application.exe

C.

*:\Users\**\Temp\Allowed\application.exe

D.

*:\Users\*\Temp\Allowed\application.exe

Full Access
Question # 15

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

A.

[Unknown application] [Retrieves credentials] [Terminate process]

B.

[**/*.exe] [Scrapes memory of another process] [Terminate process]

C.

[**\lsass.exe] [Scrapes memory of another process] [Deny operation]

D.

[Not listed application] [Scrapes memory of another process] [Terminate process]

Full Access
Question # 16

An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:

Blocking and Isolation Rule

5V0-93.22 question answerApplication on the company banned list > Runs or is running > Deny

5V0-93.22 question answerKnown malware > Runs or is running > Deny

5V0-93.22 question answerSuspect malware > Runs or is running > Terminate

Permissions Rule

5V0-93.22 question answerC:\Program Files\IT\Tools\* > Performs any operation > Bypass

Which action, if any, should an administrator take to ensure application.exe cannot run?

A.

Change the reputation to KNOWN MALWARE to a higher priority.

B.

No action needs to be taken as the file will be blocked based on reputation alone.

C.

Remove the Permissions rule for C:\Program FilesMTVToolsV.

D.

Add the hash to the company banned list at a higher priority.

Full Access
Question # 17

A security administrator is tasked to enable Live Response on all endpoints in a specific policy.

What is the correct path to configure the required sensor policy setting?

A.

Enforce > Policy > Policies > Sensor

B.

Policies > Policy > Sensor > Enforce

C.

Policies > Enforce > Policy > Sensor

D.

Enforce > Policies > Policy > Sensor

Full Access
Question # 18

Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?

A.

"Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.

B.

"Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.

C.

"Threat" indicates a block (Deny or Terminate) has occurred. "Observed" indicates that there is no block.

D.

"Threat" indicates that no block (Deny or Terminate) has occurred. "Observed" indicates a block.

Full Access