Download VMware Carbon Black Portfolio Skills.5V0-91.20.VCEplus.2021-03-05.56q.vcex

Vendor: VMware
Exam Code: 5V0-91.20
Exam Name: VMware Carbon Black Portfolio Skills
Date: Mar 05, 2021
File Size: 1 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following: 
   
  
What is the status of the WINDOWS-CLIENT agent?
  1. Connected and Up to date
  2. Disconnected and Up to date
  3. Connected but unsupported
  4. Connected but health check failed
Correct answer: B
Question 2
There is a need to ignore all activity at an application path. Which rule definition should be used to address this need?
  1. Application at Path, Performs any operation, Bypass
  2. Application at Path, Runs or is Running, Bypass
  3. Application at Path, Runs or is Running, Allow & Log
  4. Application at Path, Performs any operation, Allow & Log
Correct answer: A
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Console-How-to-Set-up-Exclusions-in-the/ta-p/42334
Question 3
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.  
Which three actions are available to take on the alert? (Choose three.)
  1. Ignore alert
  2. Dismiss
  3. Dismiss on all devices if grouping is enabled 
  4. Edit watchlist
  5. Save report
  6. Notifications history
Correct answer: BCE
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Dismiss-Alerts/ta-p/51766
Question 4
An administrator needs to manage a group of sensors from within the console.  
Which three actions are available for sensors within the Sensor Group? (Choose three.)
  1. Move to group
  2. Disable
  3. Restart
  4. Ban
  5. Uninstall
  6. Share Settings
Correct answer: ACE
Explanation:
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjttoeA3ILvAhU6QhUIHZaND-YQFjAAegQIARAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F3020%2F1%2FCB_EDR_7.3_User_Guide.pdf&usg=AOvVaw23smt4s66MWHdv9jM2PYF- (86)
Question 5
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.  
Which rule will kill notepad.exe entirely if this activity is detected in the future?
  1. **\system32\notepad.exe --> Communicates over the network --> Terminate process
  2. **\system32\notepad.exe --> Runs or is Running --> Deny operation
  3. **/system32/notepad.exe --> Runs or is Running --> Terminate process
  4. **/system32/notepad.exe --> Communicates over the network --> Deny operation
Correct answer: C
Explanation:
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwj88fL33YLvAhVQRhUIHYbdDxAQFjABegQIARAD&url=https%3A%2F%2Fwww.carbonblack.com%2Fblog%2Fcb-threatsightinvestigation-reveals-retadup-worm-leverages-autoit-launch-monero-cryptomining-campaign%2F&usg=AOvVaw0De3tmD7FlQSs8VNMVsH7u
Question 6
A Carbon Black administrator received an alert for an untrusted hash executing in the environment.  
Which two information items are found in the alert pane? (Choose two.)
  1. Launch Live Query
  2. Launch process analysis
  3. User quarantine
  4. Add hash to banned list 
  5. IOC short name
Correct answer: AB
Question 7
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections: 
   
  
Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.  
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?
  1. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
  2. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
  3. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
  4. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.
Correct answer: C
Question 8
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
  1. From the Computer Details page on the web console
  2. From the Files on Computers page on the web console
  3. Run authenticated DasCLI on Windows command prompt
  4. Run RepCLI on Windows command prompt
  5. From the File Catalog page on the web console
Correct answer: AC
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-to-Disable-Enable-Tamper-Protection/ta-p/37220
Question 9
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
  1. Quarantined
  2. Deregistered
  3. Inactive
  4. Bypass
Correct answer: D
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-What-Happens-When-Bypass-has-been-Enabled-on-the/ta-p/74905
Question 10
An Enterprise EDR administrator has created a custom Watchlist and wants to add a custom query to a report in the custom Watchlist.
From which page can the administrator add this custom query?
  1. Policies
  2. Watchlists
  3. Investigate
  4. Cloud Analysis
Correct answer: C
Explanation:
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwih0bWU4oLvAhX-UBUIHVBDDSUQFjAAegQIAhAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F1913%2F18%2FEnterprise%2520EDR%2520Getting%2520Started.pdf&usg=AOvVaw2_M7opfEgUaIIfutBZChvk