When using VMware Carbon Black Live Response, what command will show all active processes?
- A . dir
- B . list
- C . ls
- D . ps
Which three are key features of VMware Carbon Black Cloud Enterprise EDR? (Choose three.)
- A . self-service security remediation
- B . continuous and centralized recording
- C . attack chain visualization and search
- D . live response for remote remediation
- E . frequent Antivirus pattern updates
B,C,D
Explanation:
Reference: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/docs/vmwcb-enterprise-edr-datasheet.pdf (2)
In Workspace ONE UEM, from which menu would you access Workspace ONE Intelligence?
- A . Apps & Books
- B . General Settings
- C . Device
- D . Monitor
D
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE/services/intelligence-documentation/GUID-01_intel_intro.html#:~:text=Access%20Workspace%20ONE%20Intelligence&text=Access %20the%20reports%20by%20navigating,console%2C%20follow%20the%20required%20st eps
Which option would be considered an example of aHardware Based Exploit?
- A . SQL Injection
- B . Social Engineering
- C . Jail Breaking
- D . Denial of Service
C
Explanation:
Reference: https://www.kaspersky.com/resource-center/definitions/what-is-jailbreaking
Which three default connectors are available in Workspace ONE Intelligence to execute automation actions? (Choose three.)
- A . ServiceNow
- B . vRealize Operations Manager
- C . Slack
- D . Log Insight
- E . Workspace ONE UEM
A,C,E
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE/services/intelligence-documentation/GUID-21_intel_automations.html
If the Compromised Protection switch is enabled in Workspace ONE UEM, what is the
expected behavior on compromised devices in the environment?
- A . A tag is assigned to the compromised devices and the admin gets notification
- B . Compromised devices are automatically Enterprise Wiped
- C . A block is set for all network connections except to the VMware servers
- D . Devices are marked as non-compliant and the admin gets a notification
Refer to the exhibit.
From theVMware Carbon Black Cloud console, what page do you go to after clicking the Non-Malware bar in the Potentially Suspicious Activity chart?
- A . Notifications page with the selected alert filtered
- B . Reputations page with the selected reputation filtered
- C . Investigate page with the selected reputation filtered
- D . Alerts page with the selected alert filtered
D
Explanation:
Reference: https://docs.vmware.com/en/VMware-Carbon-Black-Cloud/services/carbon-black-cloud-user-guide.pdf (15)
Which three Workspace ONE UEM capabilities are used to configure security policies on Windows 10 desktops? (Choose three.)
- A . Application Profiles
- B . Custom XML
- C . Custom Attributes
- D . Baselines
- E . Native Profiles
B,C,D
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/Windows_Desktop_Device_Management/GUID-uemWindeskProfiles.html
What is the default user’s network range when creating a new access policy rule in Workspace ONE Access?
- A . 10.0.0.0/8
- B . ALL RANGES
- C . 192.168.0.0/16
- D . LOCAL SUBNET
B
Explanation:
Reference: https://docs.vmware.com/en/VMware-Workspace-ONE-Access/20.01/ws1_access_authentication/GUID-3D7AB065-E2ED-4525-B575-2A576BAA3CC3.html
Which three common mitigations for social engineering attacks? (Choose three.)
- A . user training
- B . filtering Email attachments
- C . update Antivirus software
- D . remove applications
- E . blocking execution of suspicious files
Which three are components of the NSX-T Software-defined Firewall? (Choose three.)
- A . NSX Distributed IDS
- B . NSX Identity Firewall
- C . NSX Edge Firewall
- D . NSX Intelligence
- E . NSX Distributed Firewall
- F . NSX Identity Manager
A,D,E
Explanation:
Reference: https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/products/nsx/vmware-nsx-datasheet.pdf
In Workspace ONE Intelligence, which of the following is a role that can be assigned to an administrator account?
- A . Super User
- B . Helpdesk
- C . Read-only
- D . Automater
What is the safe course of action for a USB disk of unknown ownership and origin?
- A . Do not connect the USB to any computer as it may be a USB Killer device
- B . Connect the USB device to your computer and allow the DLP software to protect it
- C . Connect the USB to a non-Windows device and examine it
- D . Connect the USB to an air gapped system and examine it
D
Explanation:
Reference: https://blogs.vmware.com/vsphere/2020/02/good-security-thrives-in-simplicity.html
Which would require a Layer 7 Firewall?
- A . block a specific port
- B . block a subnet range
- C . block a host
- D . block a specific application
D
Explanation:
Reference: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/administration/GUID-8F3CB282-B38E-49E1-951A-7D6B972B1FB7.html
Refer to the exhibit.
Whichstatement is true about the firewall rule?
- A . It is a gateway firewall applied to a Tier-0 gateway that drops traffic on port 22
- B . It is a distributed firewall applied to App-Services, DB-Servers and Web-Servers that rejects traffic on port 22
- C . It is adistributed firewall applied to App-Services, DB-Servers and Web-Servers that drops traffic on port 22
- D . It is a gateway firewall applied to a Tier-0 gateway that rejects traffic on port 22