5V0-91.20無料問題集「VMware Carbon Black Portfolio Skills」

質問 1

Refer to the exhibit:

Which two statements are true about Carbon Black Live Response (CBLR)? (Choose two.)

（A）A CBLR session is established.

（B）A CBLR session is not attached.

（C）CBLR is disabled.

（D）CBLR is enabled.

（E）A CBLR session already exists.

正解：B、E 解答を投票する

質問 2

An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?

（A）1 day

（B）3-5 days

（C）180 days

（D）30 days

正解：D 解答を投票する

質問 3

An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?

（A）Company Black

（B）Adware/PUP Malware

（C）Known Malware

（D）Suspect/Heuristic Malware

正解：D 解答を投票する

質問 4

Given the following query:
SELECT * FROM users WHERE UID >= 500;
Which statement is correct?

（A）This query limits the number of columns to display in the results.

（B）This query filters results sent to the cloud.

（C）This query is missing a parameter for validity.

（D）This query returns all accounts found on systems.

正解：A 解答を投票する

質問 5

Review the following EDR query:
(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[l TO *] Which process would show in the query results?

（A）Processes invoking Powershell.exe and cmd.exe with multiple network connection events

（B）Processes invoking Powershell.exe or cmd.exe with multiple network connection events

（C）Processes invoked by Powershell.exe and cmd.exe with a single network connection event

（D）Processes invoked by Powershell.exe or cmd.exe with any number of network connection events

正解：C 解答を投票する

質問 6

Review the following query:
path:c:\program\ files\ \(x86\)\microsoft
How would this query input term be interpreted?

（A）c:\program files (x86)\microsoft

（B）c:rogram files (x86)icrosoft

（C）c:rogramfilesx86icrosoft

（D）c:\program files x86\microsoft

正解：A 解答を投票する

質問 7

Refer to the exhibit, noting the circled red dot:

What is the meaning of the red dot under Hits in the Process Search page?

（A）Whether the execution of the process resulted in a syslog hit

（B）Whether the execution of the process resulted in a sensor hit

（C）Whether the execution of the process resulted in matching hits for different users

（D）Whether the execution of the process resulted in a feed hit

正解：C 解答を投票する

質問 8

An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?

（A）From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.

（B）Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.

（C）From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.

（D）Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.

正解：A 解答を投票する

質問 9

When dismissing alerts, when should an administrator select "If alert occurs in the future, automatically dismiss it from all devices"?

（A）When the administrator wishes to mark the alert instance as a false positive

（B）When the administrator wishes to be notified again to this behavior

（C）When the administrator wishes to remove the alert

（D）When the administrator wishes to apply this action to all future alerts from the device

正解：D 解答を投票する

質問 10

Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?

（A）WHERE publisher = "%VMware%"

（B）WHERE publisher = "%VMware"

（C）WHERE publisher LIKE "VMware%"

（D）WHERE publisher LIKE "%VMware%"

正解：D 解答を投票する

5V0-91.20 無料問題集「VMware Carbon Black Portfolio Skills」

弊社を連絡する

関連リンク

トップ試験