New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

5V0-93.22 Questions and Answers

Question # 6

What is a capability of VMware Carbon Black Cloud?

A.

Continuous and decentralized recording

B.

Attack chain visualization and search

C.

Real-time view of attackers

D.

Automation via closed SOAP APIs

Full Access
Question # 7

An administrator needs to create a search, but it must exclude "system.exe".

How should this task be completed?

A.

#process_name:system.exe

B.

*process_name:system.exe

C.

D.

-process_name:system.exe

Full Access
Question # 8

An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.

Which operation attempt has this requirement?

A.

Performs ransom ware-like behavior

B.

Runs or is running

C.

Scrapes memory of another process

D Invokes a command interpreter

Full Access
Question # 9

An administrator needs to make sure all files are scanned locally upon execution.

Which setting is necessary to complete this task?

A.

On-Access File Scan Mode must be set to Aggressive.

B.

Signature Update frequency must be set to 2 hours.

C.

Allow Signature Updates must be enabled.

D.

Run Background Scan must be set to Expedited.

Full Access
Question # 10

A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.

What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

A.

Perform a custom search on the Endpoint Page.

B.

Access the Audit Log content to see associated events.

C.

Search for specific malware byhash or filename.

D.

Enable cloud analysis.

Full Access
Question # 11

An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet.

Which rule should be used?

A.

**\Microsoft Office\** [Runs external code] [Terminate process]

B.

**\excel.exe [Invokes a command interpreter] [Deny operation]

C.

**/Microsoft Excel.app/** [Communicates over the network] [Terminate process]

D.

**\excel.exe [Runs malware] [Deny operation]

Full Access
Question # 12

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

A.

A flexible query scheduler that can be used to gather information about the environment

B.

Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems

C.

Customizable threat feeds that plug into a single agent and single console

D.

Policy rules that can be tested by selecting test rule next to the desired operation attempt

Full Access
Question # 13

An administrator is reviewing how event data is categorized and identified in VMware Carbon Black Cloud.

Which method is used?

A.

By Unique Process ID

B.

By Process Name

C.

By Unique Event ID

D.

By Event Name

Full Access
Question # 14

An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:

Blocking and Isolation Rule

Application on the company banned list > Runs or is running > Deny

Known malware > Runs or is running > Deny

Suspect malware > Runs or is running > Terminate

Permissions Rule

C:\Program Files\IT\Tools\* > Performs any operation > Bypass

Which action, if any, should an administrator take to ensure application.exe cannot run?

A.

Change the reputation to KNOWN MALWARE to a higher priority.

B.

No action needs to be taken as the file will be blocked based on reputation alone.

C.

Remove the Permissions rule for C:\Program FilesMTVToolsV.

D.

Add the hash to the company banned list at a higher priority.

Full Access
Question # 15

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

A.

Click Enforce > Add application path name

B.

Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application

C.

Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation

D.

Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

Full Access
Question # 16

An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.

What is the most effective way to meet this goal?

A.

Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.

B.

Turn on the performs ransomware-like behavior rule in the policies.

C.

Recognize that analytics will automatically block the attacks that may occur.

D.

Start in the monitored policy until it is clear that no attacks are happening.

Full Access
Question # 17

A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.

Which action should be taken to prevent the file from executing?

A.

Add the hash to the MALWARE list.

B.

Use Live Response to kill the process.

C.

Use Live Response to delete the file.

D.

Add the hash to the company banned list.

Full Access
Question # 18

What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

A.

Priority 1: Ignore, Priority 11: Unknown

B.

Priority 1: Unknown, Priority 11: Ignore

C.

Priority 1: Known Malware, Priority 11: Common White

D.

Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White

Full Access