Which action is appropriate to take?
An alert for a device running a proprietary application is tied to a vital business operation. Which action is appropriate to take?
A. Add the application to the Approved List.
B. Terminate the process.
C. Deny the operation.
D. Quarantine the device.
Answer: A
Which search field can be added to the query to show the desired results?
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud. Which...
How would this query input term be interpreted?
Review the following query:
path:c:program files (x86)microsoft
How would this query input term be interpreted?
A. c:program files x86microsoft
B. c:rogram files (x86)icrosoft
C. c:rogramfilesx86icrosoft
D. c:program files (x86)microsoft
Answer: D
What is the meaning, if any, of the event Report write (removable media)?
What is the meaning, if any, of the event Report write (removable media)?
A. This event would never occur. App Control does not report activity on removable media.
B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the...
Which Enforcement Level is the most fitting?
A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems). Which Enforcement Level is the most fitting?
A. Low Enforcement
B. Medium Enforcement
C. High Enforcement
D. None (Visibility)
Answer: C
What does the yellow color represent on the left side of the row?
An analyst navigates to the alerts page in Endpoint Standard and sees the following: What does the yellow color represent on the left side of the row?
A. It is an alert from a watchlist rather than the analytics engine.
B. It is a threat alert and warrants immediate investigation.
C...
Which Live Query statement is properly constructed?
Which Live Query statement is properly constructed?
A. SELECT * FROM 'users'
B. select * from *:
C. select from users;
D. SELECT * FROM users;
Answer: D
How can the administrator generate an alert for future hits against this watchlist?
An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process: How can the administrator generate an alert for future hits against this watchlist?
A. select the watchlist on the watchlists page, select the Scheduled Task Created report,...
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
A. Threat ID
B. Process ID
C. Alert ID
D. Event ID
Answer: D
Which other trust mechanism could the organization configure for large-scale approval of these files?
An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool. Which other trust mechanism could the organization configure for large-scale approval of these files?
A. Windows Update
B...