[2022-03-05] Pass the exam with the fastest preparation! 5V0-91.20 exam question preview [Q29-Q44]



5V0-91.20 PDF question bank: real questions, most recently updated in 2022

Question 29
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?

  • A. Deregistered
  • B. Bypass
  • C. Inactive
  • D. Quarantined

Answer: B

Explanation:
Reference:
Bypass-has-been-Enabled-on-the/ta-p/74905

Question 30
The security operations group is complaining that they are getting multiple App Control alerts for specific malicious files after they have banned the file.
Which step is necessary to prevent future alerts on these files?

  • A. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files and Ignore already approved files.
  • B. Set the Alert Status to Disabled.
  • C. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files.
  • D. Disable the Reminder Mail.

Answer: D

Question 31
A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?

  • A. SELECT * FROM ie_extensions WHERE enabled=true;
  • B. SELECT * FROM registry WHERE ie_extensions;
  • C. SELECT * FROM registry JOIN ie_extensions;
  • D. SELECT * FROM ie_extensions;

Answer: C

Question 32
An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process:

How can the administrator generate an alert for future hits against this watchlist?

  • A. select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to select Alert on hit for the report.
  • B. Select the watchlist on the watchlists page, use Take Action to select Edit, and select Alert on hit.
  • C. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to toggle Alert on hit to On.
  • D. Select the watchlist on the watchlists page and click on Alerts: Off to toggle the alerts to On.

Answer: B

Question 33
An administrator uses the following Enterprise EDR search query to show web browsers spawning non-browser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)
Which field can be added to this query to filter the results by signature status?

  • A. childproc_reputation
  • B. process_publisher
  • C. childproc_publisher_state
  • D. process_publisher_state

Answer: A

Question 34
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them.
Which page should the administrator use to find these commands?

  • A. Alerts
  • B. Policies
  • C. Sensor Management
  • D. Investigate

Answer: C

Question 35
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?

  • A. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.
  • B. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
  • C. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.
  • D. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.

Answer: D

Question 36
An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

  • A. Terminate the process.
  • B. Add the application to the Approved List.
  • C. Deny the operation.
  • D. Quarantine the device.

Answer: B

Question 37
There is a need to ignore all activity at an application path.
Which rule definition should be used to address this need?

  • A. Application at Path, Runs or is Running, Bypass
  • B. Application at Path, Performs any operation, Bypass
  • C. Application at Path, Runs or is Running, Allow & Log
  • D. Application at Path, Performs any operation, Allow & Log

Answer: B

Question 38
An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?

  • A. 180 days
  • B. 30 days
  • C. 3-5 days
  • D. 1 day

Answer: B

Question 39
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?

  • A. Process ID
  • B. Device ID
  • C. Alert ID
  • D. Threat ID

Answer: D

Question 40
An administrator wants to allow files to run from a network share.
Which rule type should the administrator configure?

  • A. Network Execute (Allow)
  • B. Trusted Path
  • C. Write Approve (Network)
  • D. Execute Prompt (Shared Path)

Answer: D

Question 41
An analyst has investigated multiple alerts on a number of HR workstations and found that java.exe is attempting to invoke PowerShell. On the Windows workstations in question, the analyst has also found that Java is installed in multiple locations. The analyst needs to block java.exe from this type of operation.
Which rule meets this need?

  • A. **/Program Files/*/java.exe -> Invokes an untrusted process -> Deny operation
  • B. **\Program Files\*\java.exe -> Invokes a command interpreter -> Terminate process
  • C. **\java.exe -> Invokes a command interpreter -> Deny operation
  • D. **/java.exe -> Invokes an untrusted process -> Terminate process

Answer: B

Question 42
An analyst navigates to the alerts page in Endpoint Standard and sees the following:

What does the yellow color represent on the left side of the row?

  • A. It is a threat alert and warrants immediate investigation.
  • B. It is an observed alert and may indicate suspicious behavior.
  • C. It is a dismissed alert within the user interface.
  • D. It is an alert from a watchlist rather than the analytics engine.

Answer: D

Question 43
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?

  • A. Expert (Tag Process, Terminate Process)
  • B. Execute Ignore
  • C. File Creation Control (Suppress)
  • D. Performance Optimization

Answer: D

Question 44
......

5V0-91.20 question bank and practice test (115 exam questions): https://www.jpntest.com/shiken/5V0-91.20-mondaishu
