5V0-91.20 無料問題集「VMware Carbon Black Portfolio Skills」

Examine the following EDR query:
file_desc:"Windows Command Processor" AND -process_name:cmd.exe
Which process will show in the query results?

How long will Live Queries in Carbon Black Audit and Remediation run before timing out?

Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?

While an administrator is reviewing an alert, the device is observed beaconing to an unknown destination.
Which action should be taken to stop this behavior?

An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?

An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:

Which statement accurately characterizes this situation?

An analyst has investigated multiple alerts on a number of HR workstations and found that java.exe is attempting to PowerShell. Of the Windows workstations in question, the analyst has also found that Java is installed in multiple locations. The analyst needs to block java.exe from this type of operation.
Which rule meets this need?

Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?

Review the following search:
childproc_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\* What is this search looking for?

Which statement is true about Carbon Black Live Response (CBLR)?

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡