VMware 5V0-91.20 VMware Carbon Black Portfolio Skills Online Training
VMware 5V0-91.20 Online Training
The questions for 5V0-91.20 were last updated at Dec 20,2024.
- Exam Code: 5V0-91.20
- Exam Name: VMware Carbon Black Portfolio Skills
- Certification Provider: VMware
- Latest update: Dec 20,2024
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.
Which search field can be added to the query to show the desired results?
- A . process_integrity_level
- B . process_reputation
- C . process_privileges
- D . process_cloud_reputation
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?
- A . The alert severity is assigned by the backend analytics.
- B . The alert severity is not configurable.
- C . Change the alert severity on the watchlist.
- D . Change the alert severity on the report.
How long will Live Queries in Carbon Black Audit and Remediation run before timing out?
- A . 30 days
- B . 14 days
- C . 180 days
- D . 7 days
Which reputation is processed with the lowest priority for Endpoint Standard?
- A . Local White
- B . Known Malware
- C . Trusted White
- D . Common White
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?
- A . Cloud Reputation (Initial)
- B . Effective Reputation
- C . Local Reputation
- D . Cloud Reputation (Current)
App Control System Health email alerts for excessive agent backlog are occurring hourly. This is overwhelming the analysts, and they would like to reduce the notifications.
How can the analyst reduce the unneeded alerts?
- A . Set the email address for subscribers to an invalid email.
- B . Change reminder email to daily or disabled.
- C . Disable the alert.
- D . Delete the alert.
Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?
- A . WHERE publisher = "%VMware%"
- B . WHERE publisher = "%VMware"
- C . WHERE publisher LIKE "VMware%"
- D . WHERE publisher LIKE "%VMware%"
A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems).
Which Enforcement Level is the most fitting?
- A . Low Enforcement
- B . Medium Enforcement
- C . High Enforcement
- D . None (Visibility)
Review this result after executing a query in the Process Search page, noting the circled black dot:
What is the meaning of the black dot shown under Tags?
- A . The execution of the process resulted in watchlist hits.
- B . The events for the process were tagged in an investigation.
- C . The events for the process were also sent to the Syslog Server.
- D . The execution of the process resulted in feed hits.
How often do watchlists run?
- A . Every 10 minutes
- B . Every 5 minutes
- C . Watchlists can be configured to run at scheduled intervals
- D . Every 30 minutes