3 Months Free Update
3 Months Free Update
3 Months Free Update
An administrator has determined that the following rule was the cause for an unexpected block:
[Suspected malware] [Invokes a command interpreter] [Terminate process]
All reputations for the process which was blocked show SUSPECT_MALWARE.
Which reputation was used by the sensor for the decision to terminate the process?
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.
Which components can be checked to further inspect the cause of the alert?
Which port does the VMware Carbon Black sensor use to communicate to VMware Carbon Black Cloud?
An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:
Go to Enforce > Policies > Select the desired policy >
Which additional steps must be taken to complete the task?
An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.
Which action should the administrator take?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.
How can this information be obtained?
What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?
The administrator has configured a permission rule with the following options selected:
Application at path: C:\Users\*\Downloads\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path for this rule?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.
What is an example of a leading wildcard?
An administrator needs to make sure all files are scanned locally upon execution.
Which setting is necessary to complete this task?
An administrator has just placed an endpoint into bypass.
What type of protection, if any, will VMware Carbon Black provide this device?