[Q48-Q66] Tested Material Used To 5V0-91.20 Test Engine Exam Questions in here [Sep-2021]


Penetration testers simulate 5V0-91.20 exam PDF

NEW QUESTION 48
Which list below captures all Enforcement Levels for App Control policies?

  • A. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
  • B. High Enforcement, Medium Enforcement, Low Enforcement
  • C. Control, Local Approval, Disabled
  • D. Critical, Lockdown, Monitored, Tracking, Banning

Answer: A

Explanation:
Reference: https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/2961/1/VMware%20Carbon%20Black%20App%20Control%208.5.0%20User%20Guide.pdf (6)

 

NEW QUESTION 49
Which statement is true about Carbon Black Live Response (CBLR)?

  • A. CBLR cannot be accessed through the API.
  • B. CBLR sessions do not need to wait for the next sensor check-in.
  • C. CBLR is disabled by default.
  • D. CBLR is only available on Windows Endpoints.

Answer: C

 

NEW QUESTION 50
An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.
What is known about the alert based on this TTP even if other parts of the alert are unknown?

  • A. A process attempted to delete encrypted data on the disk.
  • B. A process attempted to write a file to the disk.
  • C. A process attempted to modify a monitored file written by the sensor.
  • D. A process attempted to transfer encrypted data on the disk over the network.

Answer: B

 

NEW QUESTION 51
Which two statements are true regarding Live Response? (Choose two.)

  • A. Live Response requires both view and manage permissions to use.
  • B. Live Response utilizes the same channel for sensor-server communications.
  • C. Live Response supports one user per session on an endpoint.
  • D. Live Response can only be initiated through the user interface.
  • E. Live Response opens an SSH session with the remote device.

Answer: B,D

 

NEW QUESTION 52
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.
Which search field can be added to the query to show the desired results?

  • A. process_cloud_reputation
  • B. process_privileges
  • C. process_integrity_level
  • D. process_reputation

Answer: D

 

NEW QUESTION 53
Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?

  • A. Initialization; move agent out of Disabled mode
  • B. Discovery; place agent into Disabled mode
  • C. Inventorying; enable Discovery mode
  • D. Baselining; install the agent

Answer: C

 

NEW QUESTION 54
What is the maximum number of binaries (hashes) that can be banned using the web console?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D

 

NEW QUESTION 55
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?

  • A. Threat ID
  • B. Alert ID
  • C. Event ID
  • D. Process ID

Answer: C

 

NEW QUESTION 56
Why would a sensor have a status of "Inactive"?

  • A. The device has been put in bypass for the last 30 days.
  • B. The sensor has been in disabled mode for more than 30 days.
  • C. The sensor has not checked in within the last 30 days.
  • D. The sensor has been uninstalled from the endpoint for more than 30 days.

Answer: C

 

NEW QUESTION 57
When executing a program in App Control, the notification message informs the user that the file is not approved with an option to request approval.
Which Enforcement level is currently enacted?

  • A. High
  • B. Default
  • C. Medium
  • D. Low

Answer: B

 

NEW QUESTION 58
Which enforcement level does not block unapproved files but will block files that have been specifically banned?

  • A. Disabled
  • B. Visibility
  • C. Medium Enforcement
  • D. Low Enforcement

The protection level applied to computers running the App Control Agent. A range of levels from High (Block Unapproved) to None (Disabled) enable you to specify the level of file blocking required.

Answer: A

 

NEW QUESTION 59
How is a new Alert of type Event Alert created that triggers whenever an endpoint is added or deleted and sends emails to the App Control admin whenever these events occur?

  • A. Add filter in Event Properties for Subtype Endpoint added and Endpoint deleted. Click Create and add the App Control admin email, and then click Create & Exit.
  • B. Add filter in Event Properties for Subtype Computer modified. Add the App Control admin email, and then click Create & Exit.
  • C. Add filter in Event Properties for Subtype Computer added and Computer deleted. Add the App Control admin email, and then click Create & Exit.
  • D. Add filter in Event Properties for Subtype Computer added and Computer deleted. Click Create and add the App Control admin email, and then click Create & Exit.

Answer: B

 

NEW QUESTION 60
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:

Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?

  • A. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
  • B. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
  • C. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
  • D. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.

Answer: C

 

NEW QUESTION 61
An administrator is reviewing an alert about a known and required application in the environment. The application has been given the reputation of PUP, with the alert reason being that the PUP was detected. As a result, this application is matching policy blocking & isolation rules for PUPs in the environment and is not behaving as expected.
Which step should the administrator take to remediate this situation?

  • A. Dismiss the alert
  • B. Add the file to the Approved List
  • C. Add the file to the Banned List and Delete application
  • D. Add the file to the Approved List and Dismiss alert

Answer: A

 

NEW QUESTION 62
An administrator uses the following Enterprise EDR search query to show web browsers spawning non-browser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)
Which field can be added to this query to filter the results by signature status?

  • A. process_publisher_state
  • B. childproc_publisher_state
  • C. childproc_reputation
  • D. process_publisher

Answer: C

 

NEW QUESTION 63
A process wrote an executable file as detailed in the following event:

Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?

  • A. File Creation Control
  • B. Advanced (Write-Ignore)
  • C. Trusted Path
  • D. Trusted Publisher

Answer: A

 

NEW QUESTION 64
What occurs when an administrator selects "Enable private logging level" in Sensor Settings under Policy?

  • A. Domain names are obfuscated.
  • B. Script Files that have unknown reputations are not uploaded.
  • C. Live Response is disabled.
  • D. Delay execute for cloud scan is disabled.

Answer: B

 

NEW QUESTION 65
The security operations group is complaining that they are getting multiple App Control alerts for specific malicious files after they have banned the file.
Which step is necessary to prevent future alerts on these files?

  • A. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files.
  • B. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files and Ignore already approved files.
  • C. Disable the Reminder Mail.
  • D. Set the Alert Status to Disabled.

Answer: C

 

NEW QUESTION 66
......
