
2024年最新の更新のVMware Security Solutionsが有効な5V0-93.22問題集を無料提供しています
最新のFast2test 5V0-93.22PDF問題集をダウンロードしちゃおう:https://jp.fast2test.com/5V0-93.22-premium-file.html(62問題と解答)
VMware Carbon Black Cloud Endpoint Standard Skills Examは、エンドポイント保護の習得に関心のある人にとって重要な認証です。この試験では、VMwareカーボンブラッククラウドエンドポイント標準ソリューションを深く理解する必要があり、エンドポイントセキュリティに熟達することは必須です。この試験は、エンドポイント、クラウド、および仮想環境を確保するために、IT専門家の知識とスキルをテストするように設計されています。
VMware 5V0-93.22認定試験は、グローバルに認識されているベンダー中立認証です。この認定は、エンドポイントセキュリティに関する候補者の専門知識を検証し、雇用市場で競争力を提供します。この認定は、継続的な学習と専門能力開発に対する候補者のコミットメントも示しています。
質問 # 16
An administrator has configured a permission rule with the following options selected:
Application at path: C:\Program Files\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path?
- A. All executable files in the "Program Files" folder and subfolders will be ignored, includingmalware files.
- B. Only executable files in the "Program Files" folder will be ignored, includingmalware files.
- C. Executable files in the "Program Files" folder will be blocked.
- D. No Files will be ignored from the "Program Files" director/, but Malware in the "Program Files" directory will continue to be blocked.
正解:A
解説:
Explanation
The impact of using the wildcards in the path is that all executable files in the "Program Files" folder and subfolders will be ignored, including malware files. This is because the double asterisk ** matches any files or directories in that path, and the Bypass action means that the sensor will notmonitor or block any operations performed by those files. This is a very permissive and risky rule, as it could allow malicious files to run without interference from the sensor. A more restrictive and secure rule would be to specify the exact path of the application that needs to be allowed, and use the Allow and Log action instead of Bypass. This way, the sensor will only ignore the specified application, and still log its operations for visibility and analysis. References: Carbon Black Cloud: How to Use Wildcards in Policy Rules, Set Permission Policy Rules
質問 # 17
What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?
- A. TCP/80 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
- B. TCP/80 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
- C. TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)
- D. TCP/443 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)
正解:C
質問 # 18
An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.
Which action should the administrator take?
- A. Disable
- B. Unenforce
- C. Delete
- D. Recall
正解:B
解説:
Explanation
Unenforcing a policy rule means that the rule will still be evaluated, but the actions will not be taken. This allows the administrator to troubleshoot the issue without affecting the endpoints or generating alerts. Disabling, recalling, or deleting a policy rule will remove it from the evaluation process and may affect the security posture of the organization. References: VMware Carbon Black Cloud Endpoint Standard Skills Exam Guide1, VMware Carbon Black Cloud Endpoint Standard - On Demand Course
質問 # 19
An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.
How can this information be obtained?
- A. Put the rules in and see what happens to the endpoints.
D Determine what would happen based on previously used antivirus software - B. Search the data using the test rule functionality.
B Examine log files to see what would be impacted
正解:B
質問 # 20
A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.
Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?
- A. Settings
- B. Investigate
- C. Endpoints
- D. Alerts
正解:B
解説:
Explanation
The Investigate page in the VMware Carbon Black Cloud Endpoint Standard console is where the security administrator can perform a search to further inspect the script-based attack that was coded into Excel VBA.
The Investigate page allows the administrator to use advanced search techniques to query the endpoint data collected by the VMware Carbon Black Cloud sensors. The administrator can use various fields and operators to filter and refine the search results, such as process_name, file_name, file_path, file_type, file_description, and more. The administrator can also use the processtree view to visualize the process execution and the event details to examine the process activity. For example, the administrator can use the following search query to find all the processes that have a file type of Excel VBA:
file_type:EXCEL_VBA
This query will return all the processes that have a file type of EXCEL_VBA, which is a file type that indicates the file contains Excel VBA code. The file_type field is a string that indicates the type of the file based on its content and format. The possible values for this field are:
EXE: Executable file
DLL: Dynamic-link library file
SYS: System file
BAT: Batch file
CMD: Command file
VBS: Visual Basic Script file
JS: JavaScript file
PS1: PowerShell Script file
HTA: HTML Application file
MSI: Windows Installer file
DOC: Microsoft Word document file
XLS: Microsoft Excel spreadsheet file
PPT: Microsoft PowerPoint presentation file
PDF: Portable Document Format file
SWF: Shockwave Flash file
JAR: Java Archive file
CLASS: Java class file
PY: Python script file
SH: Shell script file
PL: Perl script file
RB: Ruby script file
PHP: PHP script file
ASP: Active Server Pages file
ASPX: Active Server Pages Extended file
HTML: HyperText Markup Language file
XML: Extensible Markup Language file
DOCM: Microsoft Word document with macros file
XLAM: Microsoft Excel add-in with macros file
XLSM: Microsoft Excel spreadsheet with macros file
XLTM: Microsoft Excel template with macros file
PPTM: Microsoft PowerPoint presentation with macros file
POTM: Microsoft PowerPoint template with macros file
PPAM: Microsoft PowerPoint add-in with macros file
EXCEL_VBA: Excel Visual Basic for Applications file
WORD_VBA: Word Visual Basic for Applications file
POWERPOINT_VBA: PowerPoint Visual Basic for Applications file
OUTLOOK_VBA: Outlook Visual Basic for Applications file
ACCESS_VBA: Access Visual Basic for Applications file
PROJECT_VBA: Project Visual Basic for Applications file
VISIO_VBA: Visio Visual Basic for Applications file
PUBLISHER_VBA: Publisher Visual Basic for Applications file
INFOPATH_VBA: InfoPath Visual Basic for Applications file
ONENOTE_VBA: OneNote Visual Basic for Applications file
UNKNOWN: Unknown file type
Therefore, by using the Investigate page in the VMware Carbon Black Cloud Endpoint Standard console, the security administrator can perform a search to further inspect the script-based attack that was coded into Excel VBA. References:
Investigate Endpoint Data - VMware Docs, Overview section.
Advanced Search Techniques - VMware Docs, Using Fields section, file_type subsection.
質問 # 21
An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.
Which rule should be used?
- A. [Not listed application] [Runs or is running] [Terminate process]
- B. [Adware or PUP] [Scrapes memory of another process] [Deny operation]
- C. [Unknown malware] [Runs or is running] [Terminate process]
- D. [Not listed application] [Performs ransomware-like behavior] [Terminate process
正解:D
質問 # 22
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?
- A. Priority 1: Ignore, Priority 11: Unknown
- B. Priority 1: Unknown, Priority 11: Ignore
- C. Priority 1: Known Malware, Priority 11: Common White
- D. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White
正解:A
解説:
Explanation
According to the VMware Carbon Black Cloud User Guide, the reputation priority is in a descending order with 1 being the highest priority and 11 the lowest priority. The highest priority reputation is Ignore, which is a self-check reputation that Carbon Black Cloud assigns to product files and grants them with full permissions to run. The lowest priority reputation is Unknown, which indicates that Carbon Black Cloud has not yet determined the reputation of the file. References:
Reputation Assignment - VMware Docs, Reputation Priority table.
質問 # 23
Which command is used to immediately terminate a current Live Response session?
- A. execfg
- B. kill
- C. delete
- D. detach -q
正解:D
質問 # 24
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?
- A. Signing Certificate
- B. IT Tool
- C. Hash
- D. Local Approved
正解:A
質問 # 25
An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud.
Which three IDs may be used for this purpose? (Choose three.)
- A. Alert
- B. Threat
- C. Event
- D. User
- E. Sensor
- F. Hash
正解:A、E、F
解説:
The IDs that may be used to search and investigate security incidents in Carbon Black Cloud are hash, sensor, and alert.
A hash is a unique identifier for a file or process that can be used to track its activity and behavior across endpoints. A hash can be searched in the Investigate page to view its reputation, prevalence, and associated alerts.
A sensor is a unique identifier for an endpoint that has the Carbon Black Cloud agent installed. A sensor can be searched in the Endpoints page to view its status, policy, and associated alerts. A sensor can also be searched in the Investigate page to view its processes, events, and network connections.
An alert is a unique identifier for a security incident that is generated by Carbon Black Cloud based on the policy rules and threat intelligence. An alert can be searched in the Alerts page to view its details, timeline, and remediation actions. An alert can also be searched in the Investigate page to view its associated processes, events, and network connections.
A threat is not a valid ID for searching and investigating security incidents in Carbon Black Cloud. A threat is a term used to describe a malicious actor or activity that poses a risk to the organization. A threat can be detected by Carbon Black Cloud based on the threat intelligence feeds and watchlists, but it is not a unique identifier for a specific incident.
An event is not a valid ID for searching and investigating security incidents in Carbon Black Cloud. An event is a term used to describe a single action or occurrence that is recorded by the Carbon Black Cloud agent on an endpoint. An event can be viewed in the Investigate page as part of a process or alert, but it is not a unique identifier for a specific incident.
A user is not a valid ID for searching and investigating security incidents in Carbon Black Cloud. A user is a term used to describe a person who has access to the Carbon Black Cloud console or API. A user can be searched in the Users page to view their role, permissions, and activity, but they are not directly related to security incidents. References:
VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.1: Investigate VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.2: Alerts VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.3: Endpoints VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.4: Threats VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.5: Users
質問 # 26
A security administrator notices an unusual software behavior on an endpoint. The administrator immediately used the search query to collect data and start analyzing indicators to find the solution.
What is a pre-requisite step in gathering specific vulnerability data to export it as a CSV file for analysis?
- A. Perform a custom search on the Endpoint Page.
- B. Access the Audit Log content to see associated events.
- C. Search for specific malware byhash or filename.
- D. Enable cloud analysis.
正解:A
質問 # 27
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.
What is an example of a leading wildcard?
- A. filemod:system32/*ntdll.dll
- B. filemod:system32/ntdll.dll
- C. filemod:*/system32/ntdll.dll
- D. filemod:system32/ntdll.dll*
正解:C
解説:
Explanation
A leading wildcard is a wildcard that is placed at the beginning of a search term, such as * or ?. A leading wildcard matches any characters that precede the specified term. For example, filemod:/system32/ntdll.dll matches any file modification events that end with /system32/ntdll.dll, regardless of the drive letter or the directory name. A leading wildcard is not recommended unless absolutely necessary because it carries a significant performance penalty for the search. This is because the search engine has to scan the entire index for possible matches, rather than using the index to quickly narrow down the results1.
The other options are not examples of leading wildcards. A. filemod:system32/ntdll.dll is an exact match query that matches only file modification events that are exactly system32/ntdll.dll. B. filemod:system32/ ntdll.dll is a trailing wildcard query that matches any file modification events that start with system32/ and end with ntdll.dll, regardless of the characters in between. D. filemod:system32/ntdll.dll is a trailing wildcard query that matches any file modification events that start with system32/ntdll.dll, regardless of the characters that follow. References:
Search Syntax - VMware Docs, Wildcards section.
質問 # 28
What is a capability of VMware Carbon Black Cloud?
- A. Real-time view of attackers
- B. Continuous and decentralized recording
- C. Attack chain visualization and search
- D. Automation via closed SOAP APIs
正解:C
解説:
Explanation
VMware Carbon Black Cloud is a cloud-native endpoint and workload protection platform that combines the intelligent system hardening and behavioral prevention needed to keep emerging threats at bay, using a single lightweight agent and an easy-to-use console. One of the capabilities of VMware Carbon Black Cloud is attack chain visualization and search, which allows users to see the full scope of an attack, from initial compromise to lateral movement, and quickly search for indicators of compromise across endpoints and workloads. References: VMware Carbon Black Cloud Endpoint Standard Skills Exam Guide, page 4; VMware Carbon Black Cloud Endpoint Standard Skills Study Guide, page 6.
質問 # 29
An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.
Which rule should be used?
- A. [**\lsass.exe] [Scrapes memory of another process] [Deny operation]
- B. [Unknown application] [Retrieves credentials] [Terminate process]
- C. [**/*.exe] [Scrapes memory of another process] [Terminate process]
- D. [Not listed application] [Scrapes memory of another process] [Terminate process]
正解:D
解説:
Explanation
This rule will prevent any application that is not listed in the Carbon Black Cloud Endpoint Standard from scraping the memory of another process, which is a common technique used by malware to retrieve credentials from the Local Security Authority Subsystem Service (LSASS). This rule will terminate the process that attempts to perform this operation, thus blocking the credential theft. This rule is more specific and effective than option A, which only applies to unknown applications, or option B, which applies to all executable files regardless of their reputation. Option C is incorrect because it will only deny the operation but not terminate the process, which may allow the malware to continue running and try other methods of credential theft. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 4:
Endpoint Standard Rules, Lesson 2: Rule Types and Actions, slide 12.
質問 # 30
An administrator is tasked to create a reputation override for a company-critical application based on the highest available priority in the reputation list. The company-critical application is already known by VMware Carbon Black.
Which method of reputation override must the administrator use?
- A. Signing Certificate
- B. IT Tool
- C. Hash
- D. Local Approved
正解:B
解説:
Explanation
To create a reputation override for a company-critical application based on the highest available priority in the reputation list, the administrator must use the IT Tool method of reputation override. The IT Tool method allows the administrator to specify a path to a known IT tool application, such as C:\Program Files\IT\Tools\application.exe, and assign it the Local Approved reputation. This reputation is the highest priority in the reputation list and overrides any other reputations assigned by VMware Carbon Black or other sources. The IT Tool method is useful for applications that are already known by VMware Carbon Black, but need to be allowed to run without interference from the sensor. The other options are incorrect because they are not the highest priority in the reputation list. Option A is incorrect because the Signing Certificate method assigns the Company Approved reputation, which is lower than the Local Approved reputation. Option B is incorrect because the Hash method assigns the Company Approved or Company Banned reputation, depending on the action selected, which are lower than the Local Approved reputation. Option C is incorrect because the Local Approved method is not a valid method of reputation override. It is a reputation level that can be assigned by the IT Tool method or by the sensor for pre-existing files or files signed by a trusted certificate. References: Manage Reputations, Reputation Assignment
質問 # 31
A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.
Which action should be taken to prevent the file from executing?
- A. Use Live Response to delete the file.
- B. Add the hash to the MALWARE list.
- C. Use Live Response to kill the process.
- D. Add the hash to the company banned list.
正解:D
質問 # 32
An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.
What is the most effective way to meet this goal?
- A. Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.
- B. Start in the monitored policy until it is clear that no attacks are happening.
- C. Turn on the performs ransomware-like behavior rule in the policies.
- D. Recognize that analytics will automatically block the attacks that may occur.
正解:C
質問 # 33
Which permission level is required when a user wants to install a sensor on a Windows endpoint?
- A. Everyone
- B. Administrator
- C. Root
- D. User
正解:B
解説:
Explanation
According to the VMware Carbon Black Cloud Sensor Installation Guide, the permission level that is required when a user wants to install a sensor on a Windows endpoint is Administrator. The usermust have local administrator privileges on the endpoint to install the sensor. The user can install the sensor by using one of the following methods:
Method 1: Invite Users to Install Sensors on Endpoints: This method allows the user to install the sensor by using an installation code that is sent by email from the Carbon Black Cloud console. The user must run the installation code as an administrator on the endpoint.
Method 2: Install the Sensor on the Endpoint by using the Command Line or Software Distribution Tools: This method allows the user to install the sensor by using the command line, or by using a scripted or automated method such as Group Policy or systems management tools. The user must run the installation command or script as an administrator on the endpoint.
The other permission levels are not sufficient or relevant for installing a sensor on a Windows endpoint.
Everyone is a group that includes all users and groups on the endpoint, but it does not grant administrator privileges. Root is a user that has full access and control over a Linux or Unix system, but it is not applicable to a Windows endpoint. User is a general term that refers to any person who uses a computer or network service, but it does not imply administrator privileges. References:
VMware Carbon Black Cloud Sensor Installation Guide, page 7, Sensor Components section, Sensor Service (RepMqr) subsection.
Installing Windows Sensors on Endpoints - VMware Docs, Procedure section, step 1.
質問 # 34
An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.
Which rule should be used?
- A. [**\lsass.exe] [Scrapes memory of another process] [Deny operation]
- B. [Unknown application] [Retrieves credentials] [Terminate process]
- C. [**/*.exe] [Scrapes memory of another process] [Terminate process]
- D. [Not listed application] [Scrapes memory of another process] [Terminate process]
正解:D
質問 # 35
What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?
- A. Customized threat feeds can be combined with other outside threat intelligence sources.
- B. Firewall rule configuration are provided in the environment.
- C. Events and alerts are tagged with Carbon Black TTPs to provide context around attacks.
- D. Data leakage protection (DLP) is enforced on endpoints or subsets of endpoints.
正解:C
解説:
Explanation
VMware Carbon Black Cloud Endpoint Standard is a next-generation antivirus (NGAV) and behavioral endpoint detection and response (EDR) solution that protects against the full spectrum of modern cyber-attacks. It uses the VMware Carbon Black Cloud's universal agent and console, the solution applies behavioral analytics to endpoint events to streamline detection, prevention, and response to cyber-attacks. One of the security benefits of Endpoint Standard is that it tags events and alerts with Carbon Black TTPs (tactics, techniques, and procedures) to provide context around attacks. Carbon Black TTPs are based on the MITRE ATT&CK framework, which is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. By tagging events and alerts with Carbon Black TTPs, Endpoint Standard helps security teams to understand the nature and scope of the attack, prioritize the most critical threats, and take appropriate actions to remediate them. References: Carbon Black Cloud Endpoint Standard - Technical Overview, VMware Carbon Black Cloud Endpoint Standard Datasheet, MITRE ATT&CK
質問 # 36
A security administrator is tasked to enable Live Response on all endpoints in a specific policy.
What is the correct path to configure the required sensor policy setting?
- A. Enforce > Policy > Policies > Sensor
- B. Enforce > Policies > Policy > Sensor
- C. Policies > Policy > Sensor > Enforce
- D. Policies > Enforce > Policy > Sensor
正解:B
解説:
Explanation
To enable Live Response on all endpoints in a specific policy, the security administrator needs to follow the correct path to configure the required sensor policy setting. The correct path is Enforce > Policies > Policy > Sensor. This path allows the administrator to select a policy group, then click on the Sensor tab, where they can select or deselect the Enable Live Response checkbox as applicable, and then click Save. This will enable or disable Live Response for all endpoints that are assigned to that policy group. The other options are incorrect because they do not match the correctpath to configure the sensor policy setting for Live Response. References: Use Live Response, Use Live Response for VM Workloads
質問 # 37
Which statement is true regarding Blocking/Isolation rules and Permission rules?
- A. Blocking & Isolation rules are overridden by Upload Rules.
- B. Permission Rules are overridden by Blocking & Isolation rules
- C. Upload Rules are overridden by Blocking & Isolation rules.
D Blocking & Isolation rules are overridden by Permission Rules
正解:B
質問 # 38
A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.
Which components can be checked to further inspect the cause of the alert?
- A. TTPs involved, network connections, and child path
- B. Priority score, file reputation, and timestamp
- C. Command lines. Device ID, and priority score
- D. Event details, command lines, and TTPs involved
正解:D
解説:
Explanation
These components can provide more information about the suspicious running process and its behavior, such as:
Event details: This component shows the details of the event that triggered the alert, such as the device name, the device time, the process name, the process path, the process ID, the operation type, the operation result, the registry key, the registry value, and the registry data. The event details can help the security administrator to identify the source and the target of the registry modification attempt, and to verify if the operation was successful or not.
Command lines: This component shows the command lines that were executed by the process or its parent process, such as the arguments, the parameters, the switches, and the environment variables. The command lines can help the security administrator to understand the purpose and the context of the process execution, and to detect any malicious or anomalous commands or scripts.
TTPs involved: This component shows the tactics, techniques, and procedures (TTPs) that were involved in the event, based on the MITRE ATT&CK framework. The TTPs can help the security administrator to assess the severity and the impact of the event, and to correlate the event with other related events or indicators of compromise.
The other components are not as useful or relevant for investigating the alert. A. Device ID and priority score are components that provide general information about the device and the alert, but they do not provide specific details about the suspicious running process or its behavior. C. Network connections and child path are components that show the network activity and the child processes of the suspicious running process, but they do not show the registry modification attempt or its result. D. File reputation and timestamp are components that show the reputation and the time of the file associated with the suspicious running process, but they do not show the command lines orthe TTPs involved in the event. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.3.2: Investigate Alerts, Page 16.
質問 # 39
An administrator wants to block ransomware in the organization based on leadership's growing concern about ransomware attacks in their industry.
What is the most effective way to meet this goal?
- A. Look at current attacks to see if the software that is running is vulnerable to potential ransomware attacks.
- B. Start in the monitored policy until it is clear that no attacks are happening.
- C. Turn on the performs ransomware-like behavior rule in the policies.
- D. Recognize that analytics will automatically block the attacks that may occur.
正解:C
解説:
Explanation
The most effective way to meet the goal of blocking ransomware in the organization is to turn on the performs ransomware-like behavior rule in the policies. This rule is a feature of VMware Carbon Black Cloud Endpoint Standard that uses behavioral analytics to detect and prevent actions that are typical of ransomware, such as encrypting files, deleting backups, or displaying ransom notes. By turning on this rule, the administrator can block any application that attempts to perform ransomware-like behavior, regardless of its reputation or signature. This can protect the organization from new or unknown ransomware variants that may not be detected by other methods. The administrator can also customize the rule to apply different actions, such as alert, deny, or terminate, depending on the policy configuration and the security needs of the organization.
The other options are not as effective or appropriate for blocking ransomware in the organization. Option A is not proactive, but reactive, as it relies on looking at current attacks to see if the software that is running is vulnerable to potential ransomware attacks. This may not be sufficient to prevent future attacks that use different software or exploit different vulnerabilities. Option C is not accurate, as analytics alone cannot automatically block all the attacks that may occur. Analytics can help toidentify and prioritize the most critical threats, but the administrator still needs to configure the policies and rules to block the attacks. Option D is not recommended, as it exposes the organization to unnecessary risk. Starting in the monitored policy until it is clear that no attacks are happening means that the administrator is not taking any preventive actions, but only monitoring the endpoint activity and logging the events. This may not be enough to stop or mitigate the impact of a ransomware attack, which can cause irreversible damage or data loss in a short time. References: Carbon Black Cloud Endpoint Standard - Technical Overview, Best Practices:
質問 # 40
An administrator has been tasked with preventing the use of unauthorized USB storage devices from being used in the environment.
Which item needs to be enabled in order to enforce this requirement?
- A. Elect to approve only allowed USB devices from the USB Devices page.
- B. Enable the Block access to all unapproved USB devices within the policies option.
- C. Choose to disable USB device access on each endpoint from the Inventory page.
- D. Select the option to block USB devices from the Reputation page.
正解:B
質問 # 41
......
実験された試験材料は5V0-93.22:https://jp.fast2test.com/5V0-93.22-premium-file.html