VMware 5V0-93.22 VMware Carbon Black Cloud Endpoint Standard Skills Online Training
The questions for 5V0-93.22 were last updated on Dec 20, 2024.
- Exam Code: 5V0-93.22
- Exam Name: VMware Carbon Black Cloud Endpoint Standard Skills
- Certification Provider: VMware
- Latest update: Dec 20, 2024
An administrator wants to find information about real-world prevention rules that can be used in VMware Carbon Black Cloud Endpoint Standard.
How can the administrator obtain this information?
- A . Refer to an external report from other security vendors to obtain solutions.
- B . Refer to the TAU-TIN’s on the VMware Carbon Black community page.
- C . Refer to the VMware Carbon Black Cloud sensor install guide.
- D . Refer to VMware Carbon Black Cloud user guide.
Is it possible to search for unsigned files in the console?
- A . Yes, by using the search: NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
- B . No, it is not possible to return a query for unsigned files.
- C . Yes, by using the search: process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED
- D . Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.
The administrator has configured a permission rule with the following options selected:
– Application at path: C:\Program Files\**
– Operation Attempt: Performs any operation
– Action: Bypass
What is the impact, if any, of using the wildcards in the application at path field?
- A . Executable files in the "Program Files" directory and subdirectories will be ignored.
- B . Executable files in the "Program Files" directory will be blocked.
- C . Executable files in the "Program Files" directory will be logged.
- D . Executable files in the "Program Files" directory will be subject to blocking rules.
A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.
Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?
- A . Endpoints
- B . Settings
- C . Investigate
- D . Alerts
An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.
How can this information be obtained?
- A . Search the data using the test rule functionality.
- B . Examine log files to see what would be impacted.
- C . Put the rules in and see what happens to the endpoints.
- D . Determine what would happen based on previously used antivirus software.
An administrator has just placed an endpoint into bypass.
What type of protection, if any, will VMware Carbon Black provide this device?
- A . VMware Carbon Black will be uninstalled from the endpoint.
- B . VMware Carbon Black will place the machine in quarantine.
- C . VMware Carbon Black will not provide any protection to the endpoint.
- D . VMware Carbon Black will apply policy rules.
A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.
Where can the administrator view this information in the console?
- A . Users
- B . Audit Log
- C . Notifications
- D . Inbox
Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?
- A . "Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.
- B . "Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.
- C . "Threat" indicates a block (Deny or Terminate) has occurred. "Observed" indicates that there is no block.
- D . "Threat" indicates that no block (Deny or Terminate) has occurred. "Observed" indicates a block.
An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.
Which action should the administrator take?
- A . Unenforce
- B . Disable
- C . Recall
- D . Delete
An organization has the following requirements for allowing application.exe:
– Must not work for any user’s D: drive
– Must allow running only from inside of the user’s TempAllowed directory
– Must not allow running from anywhere outside of TempAllowed
For example, on one user’s machine, the path is C:\Users\Lorie\TempAllowed\application.exe.
Which path meets these criteria using wildcards?
- A . C:\Users\?\TempAllowed\application.exe
- B . C:\Users\*\TempAllowed\application.exe
- C . *:\Users\**\TempAllowed\application.exe
- D . *:\Users\*\TempAllowed\application.exe