[2024年08月] 今すぐダウンロード!リアル VMware 5V0-93.22 試験問題集テストエンジン試験問題 [Q22-Q38]

Share

[2024年08月] 今すぐダウンロード!リアルVMware 5V0-93.22試験問題集テストエンジン試験問題

最新5V0-93.22テスト問題集を試そう!最新VMware試験合格させます

質問 # 22
A security administrator is tasked to enable Live Response on all endpoints in a specific policy.
What is the correct path to configure the required sensor policy setting?

  • A. Enforce > Policies > Policy > Sensor
  • B. Policies > Enforce > Policy > Sensor
  • C. Policies > Policy > Sensor > Enforce
  • D. Enforce > Policy > Policies > Sensor

正解:A

解説:
Explanation
To enable Live Response on all endpoints in a specific policy, the security administrator needs to follow the correct path to configure the required sensor policy setting. The correct path is Enforce > Policies > Policy > Sensor. This path allows the administrator to select a policy group, then click on the Sensor tab, where they can select or deselect the Enable Live Response checkbox as applicable, and then click Save. This will enable or disable Live Response for all endpoints that are assigned to that policy group. The other options are incorrect because they do not match the correctpath to configure the sensor policy setting for Live Response. References: Use Live Response, Use Live Response for VM Workloads


質問 # 23
An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.
How will this alert be handled?

  • A. The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.
  • B. The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
  • C. The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
  • D. The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.

正解:C

解説:
Explanation
When an administrator dismisses a group of alerts and ticks the box for "Dismiss future instances of this alert on all devices in all policies", the following happens:
The alerts are moved to the Dismissed tab on the Alerts page, and the alert count is reduced accordingly.
The alerts are no longer displayed on the Dashboard or the Device page.
The alerts are no longer considered for the device health score or the policy health score.
The alerts are no longer sent to any configured Notifications.
Therefore, if a new alert is added to the same group of alerts, it will also be dismissed automatically and follow the same rules as above. This means that the alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 6.2: Dismissing Alerts, Page 46.


質問 # 24
A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.
What is the threshold, in days, before a machine shows as inactive?

  • A. 60 days
  • B. 7 days
  • C. 30 days
  • D. 90 days

正解:B

解説:
Explanation
According to the VMware Carbon Black Cloud Endpoint Standard User Guide, the threshold, in days, before a machine shows as inactive in the console is 7 days. An inactive device is a device that has not communicated with the Carbon Black Cloud console for more than 7 days. The console displays the last communication time for each device on the Endpoints page. The administrator can use the Inactive Devices filter to view all the inactive devices in the organization. The administrator can also use the Device Status widget on the Dashboard page to see the number and percentage of inactive devices in the organization. The administrator can take various actions to resolve the inactive device issue, such as:
Check the network connectivity and firewall settings of the device
Check the sensor status and version on the device
Check the policy settings and rules applied to the device
Reinstall the sensor on the device
Delete the device from the console if it is no longer in use References:
VMware Carbon Black Cloud Endpoint Standard User Guide, page 14, Inactive Devices section.


質問 # 25
An organization has found application.exe running on some machines in their Workstations policy.
Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:
Blocking and Isolation Rule
Application on the company banned list > Runs or is running > Deny
Known malware > Runs or is running > Deny
Suspect malware > Runs or is running > Terminate
Permissions Rule
C:\Program Files\IT\Tools\* > Performs any operation > Bypass
Which action, if any, should an administrator take to ensure application.exe cannot run?

  • A. Remove the Permissions rule for C:\Program FilesMTVToolsV.
  • B. Change the reputation to KNOWN MALWARE to a higher priority.
  • C. Add the hash to the company banned list at a higher priority.
  • D. No action needs to be taken as the file will be blocked based on reputation alone.

正解:A

解説:
Explanation
The action that an administrator should take to ensure application.exe cannot run is to remove the Permissions rule for C:\Program Files\IT\Tools*. This is because the Permissions rule has a higher priority than the Blocking and Isolation rule, and it allows any operation on any file in that path, including application.exe. By removing the Permissions rule, the Blocking and Isolation rule will apply and terminate application.exe based on its SUSPECT_MALWARE reputation. The other options are incorrect because they will not prevent application.exe from running. Option A is incorrect because changing the reputation to KNOWN MALWARE will not override the Permissions rule that allows any operation on the file. Option B is incorrect because the file will not be blocked based on reputation alone, as the Permissions rule will bypass the reputation check.
Option D is incorrect because adding the hash to the company banned list will not override the Permissions rule that allows any operation on the file. References: Precedence of Policy Rules, Set Permission Policy Rules, Set Blocking and Isolation Policy Rules


質問 # 26
An administrator has determined that the following rule was the cause for an unexpected block:
[Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE.
Which reputation was used by the sensor for the decision to terminate the process?

  • A. Initial Cloud reputation
  • B. Current Cloud reputation
  • C. Actioned reputation
  • D. Effective reputation

正解:D

解説:
Explanation
The reputation that was used by the sensor for the decision to terminate the process was the effective reputation. The effective reputation is the reputation that the sensor uses to evaluate and enforce policy rules on the endpoint. The effective reputation is determined by the following factors:
The initial cloud reputation, which is the reputation that the Carbon Black Cloud assigns to the file based on its analysis and threat intelligence feeds.
The actioned reputation, which is the reputation that the administrator assigns to the file through the Carbon Black Cloud console, such as approve, ban, or dismiss.
The current cloud reputation, which is the reputation that the Carbon Black Cloud updates for the file based on new information or changes in the threat landscape.
The effective reputation is the highest priority reputation among these three factors. For example, if the initial cloud reputation is SUSPECT_MALWARE, the actioned reputation is APPROVED, and the current cloud reputation is KNOWN_MALWARE, the effective reputation will be APPROVED, because it has the highest priority. The sensor will use the effective reputation to apply the policy rules on the endpoint. In this case, the process will not be blocked by the rule [Suspected malware] [Invokes a command interpreter] [Terminate process], because the effective reputation is not SUSPECT_MALWARE.
In the question scenario, the effective reputation for the process was SUSPECT_MALWARE, which means that either the initial cloud reputation, the actioned reputation, or the current cloud reputation was SUSPECT_MALWARE, and there was no higher priority reputation that overrode it. Therefore, the sensor used the effective reputation to enforce the policy rule and terminate the process. References:
Endpoint Standard: How to Confirm Applied ... - VMware Carbon Black, Resolution section.


質問 # 27
An administrator has dismissed a group of alerts and ticked the box for "Dismiss future instances of this alert on all devices in all policies". There is also a Notification configured to email the administrator whenever an alert of the same Severity occurs. The following day, a new alert is added to the same group of alerts.
How will this alert be handled?

  • A. The alert will show when the Dismissed filter is selected on the Alerts page, and a Notification email will be sent.
  • B. The alert will show when Not Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
  • C. The alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent.
  • D. The alert will show when the Not Dismissed filter is selected on Alerts page, and a Notification email will be sent.

正解:C


質問 # 28
Which command is used to immediately terminate a current Live Response session?

  • A. execfg
  • B. kill
  • C. delete
  • D. detach -q

正解:D

解説:
Explanation
The command detach -q is used to immediately terminate a current Live Response session and return to the Carbon Black Cloud console. This command is useful when the user wants to end the session without waiting for the timeout or the confirmation prompt. The -q option stands for "quiet" and suppresses any output or feedback from the command. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Live Response Commands, page 11.


質問 # 29
The administrator has configured a permission rule with the following options selected:
Application at path: C:\Program Files\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the application at path field?

  • A. Executable files in the "Program Files" directory will be logged.
  • B. Executable files in the "Program Files" directory will be blocked.
  • C. Executable files in the "Program Files" directory and subdirectories will be ignored.
  • D. Executable files in the "Program Files" directory will be subject to blocking rules.

正解:C


質問 # 30
An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.
How can this information be obtained?

  • A. Search the data using the test rule functionality.
    B Examine log files to see what would be impacted
  • B. Put the rules in and see what happens to the endpoints.
    D Determine what would happen based on previously used antivirus software

正解:A


質問 # 31
An administrator is reviewing how event data is categorized and identified in VMware Carbon Black Cloud.
Which method is used?

  • A. By Unique Event ID
  • B. By Unique Process ID
  • C. By Event Name
  • D. By Process Name

正解:A


質問 # 32
A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.
Where can the administrator view this information in the console?

  • A. Audit Log
  • B. Users
  • C. Inbox
  • D. Notifications

正解:A


質問 # 33
Which scenario would qualify for the "Local White" Reputation?

  • A. The file was signed using a trusted certificate.
  • B. The hash was not on any known good or known bad lists, AND the file is signed.
  • C. The file was added as an IT took
  • D. The hash was previously analyzed, AND it is not on any known good or bad lists.

正解:A

解説:
Explanation
The Local White reputation is assigned to files that are either pre-existing on the device before the sensor installation, or signed by a trusted certificate, or created by an IT tool. The file signature is verified by the sensor against a list of trusted certificates that are stored locally on the device. If the file is signed by a certificate that matches one of the trusted certificates, the sensor assigns the Local White reputation to the file.
This reputation indicates that the file is trusted and allowed to run on the device. The other options are incorrect because they do not qualify for the Local White reputation. Option A is incorrect because adding a file as an IT tool does not automatically assign it the Local White reputation. The file must also be signed by a trusted certificate or pre-existing on the device. Option C is incorrect because the hash being not on any known good or bad lists is not relevant for the Local White reputation. The file must also be signed by a trusted certificate or pre-existing on the device. Option D is incorrect because the hash being previously analyzed is notrelevant for the Local White reputation. The file must also be signed by a trusted certificate or pre-existing on the device. References: Reputations Assignment for Pre-Existing Files, Reputation Assignment


質問 # 34
In which tab of the VMware Carbon Black Cloud interface can sensor status details be found?

  • A. Enforce > Policies
  • B. Inventory > Sensors
  • C. Inventory > Endpoints
  • D. Inventory > Sensor groups

正解:C

解説:
Explanation
The sensor status details can be found in the Inventory > Endpoints tab of the VMware Carbon Black Cloud interface. This tab displays all the deployed sensors by default, and allows the administrator to filter them by various criteria, such as status, policy, group, OS, or device name. The status column indicates the state of a sensor and any administrator actions that have been taken on the sensor, such as bypass, quarantine, or deregister. The administrator can also view more details about a sensor by clicking on its name, such as the sensor version, last check-in time, device health score, and policy history. The administrator can also take actions on a sensor from this tab, such as updating, isolating, or uninstalling the sensor. References: Sensor Status and Details - Asset Groups, Carbon Black Cloud Endpoint Standard - Technical Overview


質問 # 35
An organization is seeing a new malicious process that has not been seen before.
Which tool can be used to block this process?

  • A. Certificate banned list
  • B. Malware Removal
  • C. Policy rules
  • D. Live Response

正解:D

解説:
Explanation
Live Response is a tool that allows administrators to remotely access and remediate endpoints in real time.
With Live Response, administrators can block a new malicious process by killing it, deleting its files, and removing any persistence mechanisms. Live Response can also be used to collect forensic data, run scripts, and perform other actions on the endpoints. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 5.3: Live Response. [Link]


質問 # 36
What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?

  • A. Data leakage protection (DLP) is enforced on endpoints or subsets of endpoints.
  • B. Events and alerts are tagged with Carbon Black TTPs to provide context around attacks.
  • C. Firewall rule configuration are provided in the environment.
  • D. Customized threat feeds can be combined with other outside threat intelligence sources.

正解:B


質問 # 37
What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

  • A. Priority 1: Unknown, Priority 11: Ignore
  • B. Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White
  • C. Priority 1: Known Malware, Priority 11: Common White
  • D. Priority 1: Ignore, Priority 11: Unknown

正解:D


質問 # 38
......

あなたを必ず合格させる5V0-93.22問題集PDF2024年最新のに更新された62問あります:https://jp.fast2test.com/5V0-93.22-premium-file.html


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어