Which action should the administrator take?

An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed. Which action should the administrator take?
A. Unenforce
B. Disable
C. ...

February 5, 2024

What is the impact, if any, of using the wildcards in the application at path field?

The administrator has configured a permission rule with the following options selected:
- Application at path: C:Program Files**
- Operation Attempt: Performs any operation
- Action: Bypass
What is the impact, if any, of using the wildcards in the application at path field?
A. Executable files in the "Program Files"...

February 4, 2024

Which action should the administrator take immediately to block that connection?

An administrator is investigating an alert and reads a summary that says: The application powershell.exe was leveraged to make a potentially malicious network connection. Which action should the administrator take immediately to block that connection?
A. Click Delete Application
B. Click Quarantine Asset
C. Click Export Alert
D. Click Drop...

February 4, 2024

Where can the administrator view this information in the console?

A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors. Where can the administrator view this information in the console?
A. Users
B. Audit Log
C. Notifications
D. Inbox
Answer: B

February 2, 2024

Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?

Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?
A. "Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.
B. "Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.
C. "Threat" indicates...

February 1, 2024

Which path meets this criteria using wildcards?

An organization has the following requirements for allowing application.exe:
- Must not work for any user's D: drive
- Must allow running only from inside of the user's TempAllowed directory
- Must not allow running from anywhere outside of TempAllowed
For example, on one user's machine, the path is C:UsersLorieTempAllowedapplication.exe....

February 1, 2024

How can this information be obtained?

An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment. How can this information be obtained?
A . Search the data using the test rule functionality.
B Examine log files to see what would be impacted
B . Put the rules in...

January 30, 2024

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident. Where in the VMware Carbon Black Cloud Endpoint Standard console can this...

January 30, 2024

What type of protection, if any, will VMware Carbon Black provide this device?

An administrator has just placed an endpoint into bypass. What type of protection, if any, will VMware Carbon Black provide this device?
A. VMware Carbon Black will be uninstalled from the endpoint.
B. VMware Carbon Black will place the machine in quarantine.
C. VMware Carbon Black will not provide any...

January 30, 2024

Is it possible to search for unsigned files in the console?

Is it possible to search for unsigned files in the console?
A. Yes, by using the search: NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
B. No, it is not possible to return a query for unsigned files.
C. Yes, by using the search: process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED
D. Yes, by looking at signed and unsigned executables in the...

January 29, 2024