Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?
A. "Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.
B. "Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.
C. "Threat" indicates...
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?
A. Priority 1: Ignore, Priority 11: Unknown
B. Priority 1: Unknown, Priority 11: Ignore
C. Priority 1: Known Malware, Priority 11: Common White
D. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White
Answer: A
Which additional steps must be taken to complete the task?
An administrator wants to block an application by its path instead of reputation. The following steps have already been taken: Go to Enforce > Policies > Select the desired policy > Which additional steps must be taken to complete the task?
A. Click Enforce > Add application path name
B. ...
Which three IDs may be used for this purpose?
An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud. Which three IDs may be used for this purpose? (Choose three.)
A. Threat
B. Hash
C. Sensor
D. Event
E. User
F. Alert
Answer: B, D, F
What type of protection, if any, will VMware Carbon Black provide this device?
An administrator has just placed an endpoint into bypass. What type of protection, if any, will VMware Carbon Black provide this device?
A. VMware Carbon Black will be uninstalled from the endpoint.
B. VMware Carbon Black will place the machine in quarantine.
C. VMware Carbon Black will not provide any...
Which action should the administrator take immediately to block that connection?
An administrator is investigating an alert and reads a summary that says: The application powershell.exe was leveraged to make a potentially malicious network connection. Which action should the administrator take immediately to block that connection?
A. Click Delete Application
B. Click Quarantine Asset
C. Click Export Alert
D. Click Drop...
Which VMware Carbon Black Cloud integration is supported for SIEM?
A. SolarWinds
B. LogRhythm
C. Splunk App
D. Datadog
Answer: C
Which command is used to immediately terminate a current Live Response session?
A. kill
B. detach -q
C. delete
D. execfg
Answer: B
Is it possible to search for unsigned files in the console?
A. Yes, by using the search: NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
B. No, it is not possible to return a query for unsigned files.
C. Yes, by using the search: process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED
D. Yes, by looking at signed and unsigned executables in the...
Which item needs to be enabled in order to enforce this requirement?
An administrator has been tasked with preventing unauthorized USB storage devices from being used in the environment. Which item needs to be enabled in order to enforce this requirement?
A. Enable the Block access to all unapproved USB devices within the policies option.
B. Choose to disable...