Question # 4

An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.

How will this alert be handled?

A.

The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

B.

The alert will show when the Dismissed filter is selected on the Alerts page, but a Notification email will not be sent.

C.

The alert will show when the Not Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

D.

The alert will show when the Not Dismissed filter is selected on the Alerts page, but a Notification email will not be sent.

Question # 5

What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

A.

A flexible query scheduler that can be used to gather information about the environment

B.

Visibility into the entire attack chain and customizable threat intelligence that can be used to gain insight into problems

C.

Customizable threat feeds that plug into a single agent and single console

D.

Policy rules that can be tested by selecting test rule next to the desired operation attempt

Question # 6

Is it possible to search for unsigned files in the console?

A.

Yes, by using the search:

NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED

B.

No, it is not possible to return a query for unsigned files.

C.

Yes, by using the search:

process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED

D.

Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.

Question # 7

An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.

Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

A.

Delay execute for cloud scan

B.

Allow user to disable protection

C.

Submit unknown binaries for analysis

D.

Expedited background scan

E.

Scan execute on network drives

F.

Require code to uninstall sensor

Question # 8

The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.

What is an example of a leading wildcard?

A.

filemod:system32/ntdll.dll

B.

filemod:system32/*ntdll.dll

C.

filemod:*/system32/ntdll.dll

D.

filemod:system32/ntdll.dll*

Question # 9

What is a capability of VMware Carbon Black Cloud?

A.

Continuous and decentralized recording

B.

Attack chain visualization and search

C.

Real-time view of attackers

D.

Automation via closed SOAP APIs

Question # 10

An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.

Which operation attempt has this requirement?

A.

Performs ransomware-like behavior

B.

Runs or is running

C.

Scrapes memory of another process

D.

Invokes a command interpreter

Question # 11

Which VMware Carbon Black Cloud integration is supported for SIEM?

A.

SolarWinds

B.

LogRhythm

C.

Splunk App

D.

Datadog

Question # 12

A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.

What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?

A.

Perform a custom search on the Endpoint Page.

B.

Access the Audit Log content to see associated events.

C.

Search for specific malware by hash or filename.

D.

Enable cloud analysis.

Question # 13

An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.

Which feature should the administrator leverage for this purpose?

A.

Set up a notification based on a policy action, and then select Terminate.

B.

Utilize the Test rule link from within the rule.

C.

Configure the rule to terminate the process.

D.

Configure the rule to deny operation of the process.

Question # 14

Which permission level is required when a user wants to install a sensor on a Windows endpoint?

A.

Everyone

B.

Administrator

C.

Root

D.

User

Question # 15

An administrator needs to make sure all files are scanned locally upon execution.

Which setting is necessary to complete this task?

A.

On-Access File Scan Mode must be set to Aggressive.

B.

Signature Update frequency must be set to 2 hours.

C.

Allow Signature Updates must be enabled.

D.

Run Background Scan must be set to Expedited.

Question # 16

A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.

Where can the administrator view this information in the console?

A.

Users

B.

Audit Log

C.

Notifications

D.

Inbox

Question # 17

An administrator wants to find information about real-world prevention rules that can be used in VMware Carbon Black Cloud Endpoint Standard.

How can the administrator obtain this information?

A.

Refer to an external report from other security vendors to obtain solutions.

B.

Refer to the TAU-TINs on the VMware Carbon Black community page.

C.

Refer to the VMware Carbon Black Cloud sensor install guide.

D.

Refer to the VMware Carbon Black Cloud user guide.

Question # 18

The administrator has configured a permission rule with the following options selected:

Application at path: C:\Program Files\**

Operation Attempt: Performs any operation

Action: Bypass

What is the impact, if any, of using the wildcards in the application at path field?

A.

Executable files in the "Program Files" directory and subdirectories will be ignored.

B.

Executable files in the "Program Files" directory will be blocked.

C.

Executable files in the "Program Files" directory will be logged.

D.

Executable files in the "Program Files" directory will be subject to blocking rules.
