合格させるVMware 5V0-93.22にはFast2test提供の試験問題集で2024年08月更新 [Q29-Q54]

Share

合格させるVMware 5V0-93.22にはFast2test提供の試験問題集で2024年08月更新

完全版最新の5V0-93.22問題集、100%カバー率問題と解答があなたをリアル試験で合格させる

質問 # 29
The administrator has configured a permission rule with the following options selected:
Application at path: C:\Program Files\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the application at path field?

  • A. Executable files in the "Program Files" directory will be blocked.
  • B. Executable files in the "Program Files" directory will be subject to blocking rules.
  • C. Executable files in the "Program Files" directory will be logged.
  • D. Executable files in the "Program Files" directory and subdirectories will be ignored.

正解:D


質問 # 30
The administrator has configured a permission rule with the following options selected:
Application at path: C:\Users\*\Downloads\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path for this rule?

  • A. Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
  • B. Any executable in the downloads directory for any user on the system will be bypassed for inspection.
  • C. No files will be ignored from the downloads directory.
  • D. Any executable in the downloads directory will be prevented from executing.

正解:B

解説:
Explanation
The impact of using the wildcards in the path for this rule is C. Any executable in the downloads directory for any user on the system will be bypassed for inspection. This is because the permission rule has the following options selected:
Application at path: C:\Users*\Downloads**
Operation Attempt: Performs any operation
Action: Bypass
The application at path field specifies the path of the executable file that the rule applies to. The * wildcard matches 0 or more consecutive characters up to a single subdirectory level. For example, C:\Users*\ matches any subdirectory under the Users directory, such as C:\Users\Lorie, C:\Users\John, or C:\Users\Alice. The ** wildcard matches a partial path across all subdirectory levels and is recursive. For example, \Downloads** matches any files in that directory and all subdirectories. Therefore, by using the wildcards in the application at path field, the permission rule covers any executable file in the downloads directory for any user on the system.
The operation attempt field specifies the type of operation that the executable file attempts to perform. The Performs any operation option means that the rule applies to any operation, such as creating a file, modifying a registry key, or executing a command.
The action field specifies the action that the VMware Carbon Black Cloud Endpoint Standard sensor takes when the rule is triggered. The Bypass option means that the sensor ignores the executable file and does not apply any blocking rules or log any events for it1.
Therefore, by using the wildcards in the path for this rule, the permission rule effectively bypasses any executable file in the downloads directory for any user on the system from the VMware Carbon Black Cloud Endpoint Standard sensor's prevention and detection capabilities. References:
Prevention Policy Settings - VMware Docs, Permissions section, Action subsection.


質問 # 31
An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.
What is the most effective way to meet this goal?

  • A. Turn on the performs ransomware-like behavior rule in the policies.
  • B. Recognize that analytics will automatically block the attacks that may occur.
  • C. Start in the monitored policy until it is clear that no attacks are happening.
  • D. Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.

正解:A


質問 # 32
An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.
Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

  • A. Scan execute on network drives
  • B. Expedited background scan
  • C. Require code to uninstall sensor
  • D. Submit unknown binaries for analysis
  • E. Delay execute for cloud scan
  • F. Allow user to disable protection

正解:A、C、E


質問 # 33
An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:
Go to Enforce > Policies > Select the desired policy >
Which additional steps must be taken to complete the task?

  • A. Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation
  • B. Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application
  • C. Click Enforce > Add application path name
  • D. Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

正解:D


質問 # 34
Which scenario would qualify for the "Local White" Reputation?

  • A. The hash was previously analyzed, AND it is not on any known good or bad lists.
  • B. The file was added as an IT took
  • C. The file was signed using a trusted certificate.
  • D. The hash was not on any known good or known bad lists, AND the file is signed.

正解:B


質問 # 35
An administrator has determined that the following rule was the cause for an unexpected block:
[Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE.
Which reputation was used by the sensor for the decision to terminate the process?

  • A. Current Cloud reputation
  • B. Initial Cloud reputation
  • C. Actioned reputation
  • D. Effective reputation

正解:D


質問 # 36
Which statement is true regarding Blocking/Isolation rules and Permission rules?

  • A. Upload Rules are overridden by Blocking & Isolation rules.
    D Blocking & Isolation rules are overridden by Permission Rules
  • B. Permission Rules are overridden by Blocking & Isolation rules
  • C. Blocking & Isolation rules are overridden by Upload Rules.

正解:B


質問 # 37
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?

  • A. Signing Certificate
  • B. IT Tool
  • C. Local Approved
  • D. Hash

正解:B

解説:
Explanation
To create a reputation override for a company-critical application based on the highest available priority in the reputation list, the administrator must use the IT Tool method of reputation override. The IT Tool method allows the administrator to specify a path to a known IT tool application, such as C:\Program Files\IT\Tools\application.exe, and assign it the Local Approved reputation. This reputation is the highest priority in the reputation list and overrides any other reputations assigned by VMware Carbon Black or other sources. The IT Tool method is useful for applications that are already known by VMware Carbon Black, but need to be allowed to run without interference from the sensor. The other options are incorrect because they are not the highest priority in the reputation list. Option A is incorrect because the Signing Certificate method assigns the Company Approved reputation, which is lower than the Local Approved reputation. Option B is incorrect because the Hash method assigns the Company Approved or Company Banned reputation, depending on the action selected, which are lower than the Local Approved reputation. Option C is incorrect because the Local Approved method is not a valid method of reputation override. It is a reputation level that can be assigned by the IT Tool method or by the sensor for pre-existing files or files signed by a trusted certificate. References: Manage Reputations, Reputation Assignment


質問 # 38
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.
Which rule should be used?

  • A. [Unknown malware] [Runs or is running] [Terminate process]
  • B. [Not listed application] [Runs or is running] [Terminate process]
  • C. [Adware or PUP] [Scrapes memory of another process] [Deny operation]
  • D. [Not listed application] [Performs ransomware-like behavior] [Terminate process

正解:D

解説:
Explanation
The best rule to prevent ransomware that has not been seen before, without blocking other processes, is B.
This rule uses the following criteria:
Not listed application: This means that the application is not known by Carbon Black Cloud Endpoint Standard, and it has no reputation or signature. This can indicate a new or unknown malware that has not been detected by other methods.
Performs ransomware-like behavior: This means that the application is performing actions that are typical of ransomware, such as encrypting files, deleting backups, or displaying ransom notes. This can indicate a malicious intent and a high risk of data loss or damage.
Terminate process: This means that the application is stopped and removed from the endpoint, preventing it from completing its malicious actions or spreading to other devices. This can mitigate the impact and severity of the attack.
The other rules are not as effective or appropriate for preventing ransomware that has not been seen before, without blocking other processes. Rule A would only block adware or potentially unwanted programs (PUPs) that scrape memory of another process, which is not necessarily related to ransomware. Rule C would block any unknown malware that runs or is running, which is too broad and could affect legitimate applications that are not listed by Carbon Black. Rule D would block any not listed application that runs or is running, which is also too broad and could affect legitimate applications that are not listed by Carbon Black.
References: Carbon Black Cloud Endpoint Standard - Technical Overview, Best Practices: Endpoint Standard Blocking
& Isolation Rules, Endpoint Standard: How to add a SHA256 hash to Approved/Banned List


質問 # 39
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?

  • A. Local Approved
  • B. IT Tool
  • C. Signing Certificate
  • D. Hash

正解:C


質問 # 40
Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as
"Observed"?

  • A. "Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.
  • B. "Threat" indicates that no block (Deny or Terminate) has occurred. "Observed" indicates a block.
  • C. "Threat" indicates a block (Deny or Terminate) has occurred. "Observed" indicates that there is no block.
  • D. "Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.

正解:D


質問 # 41
A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.
What is the threshold, in days, before a machine shows as inactive?

  • A. 90 days
  • B. 7 days
  • C. 60 days
  • D. 30 days

正解:D


質問 # 42
An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.
How will this alert be handled?

  • A. The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
  • B. The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.
  • C. The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
  • D. The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.

正解:C

解説:
Explanation
When an administrator dismisses a group of alerts and ticks the box for "Dismiss future instances of this alert on all devices in all policies", the following happens:
The alerts are moved to the Dismissed tab on the Alerts page, and the alert count is reduced accordingly.
The alerts are no longer displayed on the Dashboard or the Device page.
The alerts are no longer considered for the device health score or the policy health score.
The alerts are no longer sent to any configured Notifications.
Therefore, if a new alert is added to the same group of alerts, it will also be dismissed automatically and follow the same rules as above. This means that the alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 6.2: Dismissing Alerts, Page 46.


質問 # 43
An administrator has configured a permission rule with the following options selected:
Application at path: C:\Program Files\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path?

  • A. All executable files in the "Program Files" folder and subfolders will be ignored, includingmalware files.
  • B. No Files will be ignored from the "Program Files" director/, but Malware in the "Program Files" directory will continue to be blocked.
  • C. Only executable files in the "Program Files" folder will be ignored, includingmalware files.
  • D. Executable files in the "Program Files" folder will be blocked.

正解:A

解説:
Explanation
The impact of using the wildcards in the path is that all executable files in the "Program Files" folder and subfolders will be ignored, including malware files. This is because the double asterisk ** matches any files or directories in that path, and the Bypass action means that the sensor will notmonitor or block any operations performed by those files. This is a very permissive and risky rule, as it could allow malicious files to run without interference from the sensor. A more restrictive and secure rule would be to specify the exact path of the application that needs to be allowed, and use the Allow and Log action instead of Bypass. This way, the sensor will only ignore the specified application, and still log its operations for visibility and analysis. References: Carbon Black Cloud: How to Use Wildcards in Policy Rules, Set Permission Policy Rules


質問 # 44
A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.
Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

  • A. Endpoints
  • B. Investigate
  • C. Settings
  • D. Alerts

正解:B


質問 # 45
Which statement is true regarding Blocking/Isolation rules and Permission rules?

  • A. D.Blocking & Isolation rules are overridden by Permission Rules
  • B. Upload Rules are overridden by Blocking & Isolation rules.
  • C. Permission Rules are overridden by Blocking & Isolation rules
  • D. Blocking & Isolation rules are overridden by Upload Rules.

正解:A

解説:
Explanation
The correct statement regarding Blocking/Isolation rules and Permission rules is D. Blocking & Isolation rules are overridden by Permission Rules. This means that if a file or process matches both a Blocking/Isolation rule and a Permission rule, the action specified by the Permission rule will take precedence over the action specified by the Blocking/Isolation rule. For example, if a file has a reputation of SUSPECT_MALWARE and a Blocking/Isolation rule is set to terminate any SUSPECT_MALWARE file that runs, but a Permission rule is set to allow and log any file that runs from a specific path, the file will be allowed and logged if it runs from that path, regardless of its reputation. Permission rules are useful for tuning the behavior of VMware Carbon Black Cloud Endpoint Standard and preventing false positives or unnecessary blocks1.
The other statements are false or irrelevant. Blocking & Isolation rules are not overridden by Upload Rules.
Upload Rules are rules that specify which files and metadata are uploaded to the Carbon Black Cloud for analysis and reputation. Upload Rules do not affect the prevention or detection capabilities of VMware Carbon Black Cloud Endpoint Standard2. Permission Rules are not overridden by Blocking & Isolation rules. As explained above, Permission Rules have a higher priority than Blocking & Isolation rules and can override their actions. Upload Rules are not overridden by Blocking & Isolation rules. Upload Rules and Blocking & Isolation rules are independent of each other and do not affect each other's functionality. References:
Prevention Policy Settings - VMware Docs, Permissions section, Action subsection.
Upload Rules - VMware Docs, Overview section.


質問 # 46
A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.
Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

  • A. Endpoints
  • B. Investigate
  • C. Settings
  • D. Alerts

正解:B

解説:
Explanation
The Investigate page in the VMware Carbon Black Cloud Endpoint Standard console is where the security administrator can perform a search to further inspect the script-based attack that was coded into Excel VBA.
The Investigate page allows the administrator to use advanced search techniques to query the endpoint data collected by the VMware Carbon Black Cloud sensors. The administrator can use various fields and operators to filter and refine the search results, such as process_name, file_name, file_path, file_type, file_description, and more. The administrator can also use the processtree view to visualize the process execution and the event details to examine the process activity. For example, the administrator can use the following search query to find all the processes that have a file type of Excel VBA:
file_type:EXCEL_VBA
This query will return all the processes that have a file type of EXCEL_VBA, which is a file type that indicates the file contains Excel VBA code. The file_type field is a string that indicates the type of the file based on its content and format. The possible values for this field are:
EXE: Executable file
DLL: Dynamic-link library file
SYS: System file
BAT: Batch file
CMD: Command file
VBS: Visual Basic Script file
JS: JavaScript file
PS1: PowerShell Script file
HTA: HTML Application file
MSI: Windows Installer file
DOC: Microsoft Word document file
XLS: Microsoft Excel spreadsheet file
PPT: Microsoft PowerPoint presentation file
PDF: Portable Document Format file
SWF: Shockwave Flash file
JAR: Java Archive file
CLASS: Java class file
PY: Python script file
SH: Shell script file
PL: Perl script file
RB: Ruby script file
PHP: PHP script file
ASP: Active Server Pages file
ASPX: Active Server Pages Extended file
HTML: HyperText Markup Language file
XML: Extensible Markup Language file
DOCM: Microsoft Word document with macros file
XLAM: Microsoft Excel add-in with macros file
XLSM: Microsoft Excel spreadsheet with macros file
XLTM: Microsoft Excel template with macros file
PPTM: Microsoft PowerPoint presentation with macros file
POTM: Microsoft PowerPoint template with macros file
PPAM: Microsoft PowerPoint add-in with macros file
EXCEL_VBA: Excel Visual Basic for Applications file
WORD_VBA: Word Visual Basic for Applications file
POWERPOINT_VBA: PowerPoint Visual Basic for Applications file
OUTLOOK_VBA: Outlook Visual Basic for Applications file
ACCESS_VBA: Access Visual Basic for Applications file
PROJECT_VBA: Project Visual Basic for Applications file
VISIO_VBA: Visio Visual Basic for Applications file
PUBLISHER_VBA: Publisher Visual Basic for Applications file
INFOPATH_VBA: InfoPath Visual Basic for Applications file
ONENOTE_VBA: OneNote Visual Basic for Applications file
UNKNOWN: Unknown file type
Therefore, by using the Investigate page in the VMware Carbon Black Cloud Endpoint Standard console, the security administrator can perform a search to further inspect the script-based attack that was coded into Excel VBA. References:
Investigate Endpoint Data - VMware Docs, Overview section.
Advanced Search Techniques - VMware Docs, Using Fields section, file_type subsection.


質問 # 47
Which permission level is required when a user wants to install a sensor on a Windows endpoint?

  • A. Administrator
  • B. Everyone
  • C. User
  • D. Root

正解:A

解説:
Explanation
According to the VMware Carbon Black Cloud Sensor Installation Guide, the permission level that is required when a user wants to install a sensor on a Windows endpoint is Administrator. The usermust have local administrator privileges on the endpoint to install the sensor. The user can install the sensor by using one of the following methods:
Method 1: Invite Users to Install Sensors on Endpoints: This method allows the user to install the sensor by using an installation code that is sent by email from the Carbon Black Cloud console. The user must run the installation code as an administrator on the endpoint.
Method 2: Install the Sensor on the Endpoint by using the Command Line or Software Distribution Tools: This method allows the user to install the sensor by using the command line, or by using a scripted or automated method such as Group Policy or systems management tools. The user must run the installation command or script as an administrator on the endpoint.
The other permission levels are not sufficient or relevant for installing a sensor on a Windows endpoint.
Everyone is a group that includes all users and groups on the endpoint, but it does not grant administrator privileges. Root is a user that has full access and control over a Linux or Unix system, but it is not applicable to a Windows endpoint. User is a general term that refers to any person who uses a computer or network service, but it does not imply administrator privileges. References:
VMware Carbon Black Cloud Sensor Installation Guide, page 7, Sensor Components section, Sensor Service (RepMqr) subsection.
Installing Windows Sensors on Endpoints - VMware Docs, Procedure section, step 1.


質問 # 48
An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.
Which advanced search will yield these results?

  • A. process_name:svchost.exe AND NOT process_name:C:\Windows\System32
  • B. process_name:svchost.exe EXCLUDE process_name:C:\Windows\System32
  • C. process_name:svchost.exe AND NOT process_name:C\:\\Windows\\System32
  • D. process_name:svchost.exe EXCLUDE process_name:C\:\\Windows\\System32

正解:C

解説:
Explanation
The correct answer is C because it uses the correct syntax for the advanced search query. The process_name field matches the name of the process, and the AND NOT operator excludes the results that match the second condition. The backslashes in the path need to be escaped with another backslash, so C:\Windows\System32 is the correct way to write it. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 3.3.2: Investigate Page - Advanced Search.


質問 # 49
An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.
Which action should the administrator take?

  • A. Recall
  • B. Unenforce
  • C. Delete
  • D. Disable

正解:D


質問 # 50
Which command is used to immediately terminate a current Live Response session?

  • A. execfg
  • B. detach -q
  • C. kill
  • D. delete

正解:B


質問 # 51
An administrator has just placed an endpoint into bypass.
What type of protection, if any, will VMware Carbon Black provide this device?

  • A. VMware Carbon Black will not provide any protection to the endpoint.
  • B. VMware Carbon Black will apply policy rules.
  • C. VMware Carbon Black will be uninstalled from the endpoint.
  • D. VMware Carbon Black will place the machine in quarantine.

正解:A


質問 # 52
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

  • A. Priority 1: Ignore, Priority 11: Unknown
  • B. Priority 1: Unknown, Priority 11: Ignore
  • C. Priority 1: Known Malware, Priority 11: Common White
  • D. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White

正解:A

解説:
Explanation
According to the VMware Carbon Black Cloud User Guide, the reputation priority is in a descending order with 1 being the highest priority and 11 the lowest priority. The highest priority reputation is Ignore, which is a self-check reputation that Carbon Black Cloud assigns to product files and grants them with full permissions to run. The lowest priority reputation is Unknown, which indicates that Carbon Black Cloud has not yet determined the reputation of the file. References:
Reputation Assignment - VMware Docs, Reputation Priority table.


質問 # 53
An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:
Go to Enforce > Policies > Select the desired policy >
Which additional steps must be taken to complete the task?

  • A. Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation
  • B. Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application
  • C. Click Enforce > Add application path name
  • D. Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

正解:D

解説:
To block an application by its path instead of reputation, the administrator needs to follow these steps:
Go to Enforce > Policies > Select the desired policy.
Scroll down to the Blocking and Isolation section.
Click Add application path.
Enter the path of the desired application, such as C:\Program Files\Example\example.exe.
Choose the action to take when the application is detected, such as Block or Allow.
Optionally, add a description for the application path rule.
Click Save to apply the changes to the policy.
The other options are incorrect because they do not specify the correct section, button, or field for blocking an application by its path. The Enforce section is for managing the policy assignments, not the policy rules. The Permissions section is for managing the application control rules, not the application blocking rules. The Edit (pencil icon) button is for modifying the existing reputation levels, not for adding a new application path rule. References:
VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 3: Application Control, pages 3-7 to 3-8.
VMware Carbon Black Cloud Endpoint Standard User Guide, Chapter 9: Application Control, pages
115-116.


質問 # 54
......


この試験は、ポリシー管理に焦点を当てています。 このセクションでは、エンドポイントセキュリティのポリシーを作成および管理する能力についてテストされます。 また、プロセスブロッキングポリシーやイベントベースのポリシーなど、さまざまなポリシータイプに関する知識についてテストされます。 4番目の最終セクションでは、調査と修復のスキルをテストします。 このセクションでは、エンドポイントの脅威を調査し、それらを修復する能力についてテストされます。


VMware Carbon Black Cloud Endpoint Standard Skills認定試験は、一般的なエンドポイントセキュリティの課題、クラウドセキュリティの基礎、エンドポイント検出および対応、マルウェア解析、エンドポイント強化技術などのトピックを含む範囲で候補者をテストします。

 

最新5V0-93.22試験問題集有効で最新の問題集:https://jp.fast2test.com/5V0-93.22-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어