PDFを無料でダウンロードには5V0-91.20有効な練習テスト問題があります
5V0-91.20テストエンジンお試しセット、5V0-91.20問題集PDF
質問 24
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?
- A. Change the alert severity on the report.
- B. The alert severity is not configurable.
- C. The alert severity is assigned by the backend analytics.
- D. Change the alert severity on the watchlist.
正解: D
質問 25
How long will Live Queries in Carbon Black Audit and Remediation run before timing out?
- A. 180 days
- B. 7 days
- C. 14 days
- D. 30 days
正解: B
質問 26
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?
- A. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.
- B. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
- C. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.
- D. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.
正解: D
質問 27
Which identifier is shared by all events when an alert is investigated?
- A. Process ID
- B. Alert ID
- C. Event ID
- D. Priority Score
正解: C
質問 28
An administrator is reviewing an alert about a known and required application in the environment. The application has been given the reputation of PUP, with the alert reason being that the PUP was detected. As a result, this application is matching policy blocking & isolation rules for PUPs in the environment and Is not behaving as expected.
Which step should the administrator take to remediate this situation?
- A. Add the file to the Approved List and Dismiss alert
- B. Add the file to the Approved List
- C. Add the file to the Banned List and Delete application
- D. Dismiss the alert
正解: D
質問 29
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:
Which statement accurately characterizes this situation?
- A. Each event listed contributed to the overall alert score and severity.
- B. These events are tied to an observed alert within the user interface.
- C. The events shown will all have the same event ID, correlating them to the alert.
- D. The policy had no blocking and isolation rules set.
正解: A
質問 30
The security operations group is complaining that they are getting multiple App Control alerts for specific malicious files after they have banned the file.
Which step is necessary to prevent future alerts on these files?
- A. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files and Ignore already approved files.
- B. Set the Alert Status to Disabled.
- C. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files.
- D. Disable the Reminder Mail.
正解: D
質問 31
Which action is only available for the "Performs any operation" and "Performs any API Operation" operation attempts?
- A. Bypass
- B. Allow & Log
- C. Runs or is Running
- D. Allow
正解: A
解説:
Reference:
sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjClN7SwoXvAhViqnEKHbXpChUQFjAAegQIARAD& url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%
2Fproduct-docs-news%2F1413%2F3%2Fcbd-userguide.pdf&usg=AOvVaw1CU0_RmjfwbwAh68IuEKAd (90)
質問 32
A watchlist generates a false positive on the Triage Alerts page, so the watchlist must be updated.
How should this task be accomplished?
- A. One can update watchlists from the Process Search Page.
- B. Open the Watchlist Page and click the pencil button associated with the watchlist.
- C. One can update watchlists directly on the Triage Alerts Page using the pencil icon.
- D. Open the process analysis page and select the Add Watchlist Exclusion option from the Actions menu.
正解: C
質問 33
Which reputation has the highest priority in Cloud Endpoint Standard?
- A. Unknown
- B. Ignore
- C. Known Malware
- D. Adware/PUP Malware
正解: C
質問 34
An administrator ran the following query.
SELECT name, VERSION, install_location, install_source, publisher, install_date, uninstall_string FROM programs WHERE publisher = "Microsoft Corporation"; The administrator notices a lot of installed programs are not returned.
How can the administrator alter the query to see all results?
- A. Edit the WHERE clause to remove the quotes
- B. Change the WHERE clause to = "*"
- C. Remove the WHERE clause
- D. Replace the = with LIKE
正解: A
質問 35
An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process:
How can the administrator generate an alert for future hits against this watchlist?
- A. select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to select Alert on hit for the report.
- B. Select the watchlist on the watchlists page, use Take Action to select Edit, and select Alert on hit.
- C. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to toggle Alert on hit to On.
- D. Select the watchlist on the watchlists page and click on Alerts: Off to toggle the alerts to On.
正解: B
質問 36
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them.
Which page should the administrator use to find these commands?
- A. Alerts
- B. Policies
- C. Sensor Management
- D. Investigate
正解: C
質問 37
An administrator uses the following Enterprise EDR search query to show web browsers spawning nonbrowser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe) Which field can be added to this query to filter the results by signature status?
- A. childproc_reputation
- B. process_publisher
- C. childproc_publisher_state
- D. process_publisher_state
正解: A
質問 38
Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?
- A. Discovery; place agent into Disabled mode
- B. Baselining; install the agent
- C. Initialization; move agent out of Disabled mode
- D. Inventorying; enable Discovery mode
正解: D
質問 39
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
- A. Deregistered
- B. Bypass
- C. Inactive
- D. Quarantined
正解: B
解説:
Reference:
Bypass-has-been-Enabled-on-the/ta-p/74905
質問 40
......
VMware 5V0-91.20 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
| トピック 8 |
|
| トピック 9 |
|
あなたを合格させるVMware Carbon Black EndPoint Protection 2021 5V0-91.20試験問題集で2022年01月21日には115問あります:https://jp.fast2test.com/5V0-91.20-premium-file.html