最新的VMware 5V0-91.20免費考試真題

問題1

Which identifier is shared by all events when an alert is investigated?

A. Process ID

B. Event ID

C. Priority Score

D. Alert ID

正確答案: B

問題2

Which reputation is processed with the lowest priority for Endpoint Standard?

A. Known Malware

B. Common White

C. Local White

D. Trusted White

正確答案: A

問題3

A process has created a number of interesting (executable) files in one sequence.
In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?

A. File Upload Completed

B. File Properties Modified

C. File Group Created

D. New File Discovered on Startup

正確答案: D

問題4

An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

A. Deny the operation.

B. Quarantine the device.

C. Terminate the process.

D. Add the application to the Approved List.

正確答案: D

問題5

What does the Aggressive setting do when configured in Local Scan Settings?

A. It scans new files on first execution.

B. It scans all files on execution.

C. It enables signature updates for the scanner.

D. It adds a temporary reputation.

正確答案: A

問題6

An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to disable (Ignore) the old Threat Intelligence Report.
Where in the UI is this action not possible to perform?

A. Triage Alerts Page

B. Threat Intelligence Feeds Page

C. Threat Report Page

D. Search Threat Reports Page

正確答案: B

問題7

A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?

A. SELECT * FROM registry JOIN ie_extensions;

B. SELECT * FROM registry WHERE ie_extensions;

C. SELECT * FROM ie_extensions;

D. SELECT * FROM ie_extensions WHERE enabled=true;

正確答案: A

問題8

Given the following query:
SELECT hostname, cpu_type, cpu_brand, cpu_physical_cores, cpu_logical_cores, cpu_microcode, (1.0 * physical_memory / (1000*1000*1000)) AS physical_mem_gb, hardware_vendor, hardware_model, hardware_version, hardware_serial FROM system_info; Which statement Is correct?

A. This query is missing a filter option.

B. This query combines data from several different tables.

C. This query shows data from the physical_mem_gb column.

D. This query customizes the results returned by the system.

正確答案: A

問題9

An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?

A. Change the alert severity on the watchlist.

B. The alert severity is assigned by the backend analytics.

C. The alert severity is not configurable.

D. Change the alert severity on the report.

正確答案: A

最新的VMware Carbon Black Portfolio Skills - 5V0-91.20免費考試真題

聯系我們

站內鏈接

最新更新