Authentic 5V0-91.20 Dumps - Free PDF Questions to Pass
Guaranteed Accomplishment with Newest Jan-2022 FREE 5V0-91.20
NEW QUESTION 60
An administrator is reviewing an alert about a known and required application in the environment. The application has been given the reputation of PUP, with the alert reason being that the PUP was detected. As a result, this application is matching policy blocking & isolation rules for PUPs in the environment and is not behaving as expected.
Which step should the administrator take to remediate this situation?
- A. Add the file to the Approved List
- B. Add the file to the Approved List and Dismiss alert
- C. Dismiss the alert
- D. Add the file to the Banned List and Delete application
Answer: C
NEW QUESTION 61
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?
- A. Cloud Reputation (Current)
- B. Cloud Reputation (Initial)
- C. Local Reputation
- D. Effective Reputation
Answer: B
NEW QUESTION 62
An administrator runs the following query in Audit and Remediation:
SELECT *
FROM users
WHERE UID >= 500;
How long will this query stay active and accept data from the sensors?
- A. 14 days
- B. 1 day
- C. 30 days
- D. 7 days
Answer: C
NEW QUESTION 63
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.
Which rule will kill notepad.exe entirely if this activity is detected in the future?
- A. **\system32\notepad.exe --> Runs or is Running --> Deny operation
- B. **/system32/notepad.exe --> Communicates over the network --> Deny operation
- C. **/system32/notepad.exe --> Runs or is Running --> Terminate process
- D. **\system32\notepad.exe --> Communicates over the network --> Terminate process
Answer: C
NEW QUESTION 64
An analyst wants to block an application's specific behavior but does not want to kill the process entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity.
Which Blocking and Isolation Action should the analyst use to accomplish this goal?
- A. Deny Operation
- B. Block Process
- C. Terminate Process
- D. Log Operation
Answer: A
NEW QUESTION 65
Given an event rule, Approve nVidia Drivers, that changes the local state to Approved for file writes or execution blocks when the publisher is NVIDIA Corporation.
How is an alert created that is triggered whenever an nVidia driver is approved by the event rule?
- A. Create a custom rule named Approve nVidia that approves writes or blocks when the publisher is NVIDIA Corporation. Create an alert for rule name Approve nVidia. Click Create and add email recipients.
- B. Click Create Alert on the event rule Approve nVidia Drivers details page. Click Create and add email recipients. Create and Exit.
- C. Click Create Alert on the event rule Approve nVidia Drivers details page. Add email recipients. Create and Exit.
- D. Add a new Alert of type Event Alert. Set Subtype to New unapproved file to computer and Execution block (unapproved file) and Publisher to NVIDIA Corporation. Click Create and add email recipients.
Answer: B
NEW QUESTION 66
An administrator viewed and filtered the results of a completed query within the User Interface for Audit and Remediation. The administrator exported the results to create charts and other visuals for reporting. When viewing the exported results, the administrator noticed some results were missing from the data set.
Why did the administrator not have the full data set from the query?
- A. Export applies to the data visible in the UI; filtering will impact the viewable data.
- B. Export is limited to the first hundred rows, and the query had more rows than supported.
- C. Export was used prior to the query completing, and some data is missing.
- D. Export pulls all results; the query must not have covered all data required.
Answer: C
NEW QUESTION 67
Which enforcement level does not block unapproved files but will block files that have been specifically banned?
- A. Visibility
- B. Medium Enforcement
- C. Low Enforcement
- D. Disabled
Answer: D
Explanation:
The protection level applied to computers running the App Control Agent. A range of levels from High (Block Unapproved) to None (Disabled) enables you to specify the level of file blocking required.
NEW QUESTION 68
Which list below captures all Enforcement Levels for App Control policies?
- A. Control, Local Approval, Disabled
- B. Critical, Lockdown, Monitored, Tracking, Banning
- C. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
- D. High Enforcement, Medium Enforcement, Low Enforcement
Answer: C
Explanation:
Reference:
https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/2961/1/VMware%20Carbon%20Black%20App%20Control%208.5.0%20User%20Guide.pdf (6)
NEW QUESTION 69
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them.
Which page should the administrator use to find these commands?
- A. Investigate
- B. Alerts
- C. Sensor Management
- D. Policies
Answer: C
NEW QUESTION 70
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
- A. Run RepCLI on Windows command prompt
- B. From the Files on Computers page on the web console
- C. Run authenticated DasCLI on Windows command prompt
- D. From the File Catalog page on the web console
- E. From the Computer Details page on the web console
Answer: C,E
Explanation:
Reference:
Tamper-Protection/ta-p/37220
NEW QUESTION 71
A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems).
Which Enforcement Level is the most fitting?
- A. High Enforcement
- B. None (Visibility)
- C. Medium Enforcement
- D. Low Enforcement
Answer: A
NEW QUESTION 72
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?
- A. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.
- B. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.
- C. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
- D. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.
Answer: D
NEW QUESTION 73
Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VMs)?
- A. The agent running on the template machine must not be initialized before deploying clones.
- B. The endpoint housing the agent template must always be on/running except when updating the image.
- C. The endpoint housing the agent template must always be off except when updating the image.
- D. The gold image housing the agent template must be digitally signed to ensure the integrity of the agent cache.
Answer: A
NEW QUESTION 74
An Enterprise EDR administrator is reviewing the Investigate page and believes they are receiving false positive hits from a specific watchlist.
Which three options reduce future false positive hits from this watchlist? (Choose three.)
- A. Dismiss the watchlist hit.
- B. Disable the watchlist associated with the false positives.
- C. Select edit watchlist and uncheck alert on hits.
- D. Disable/remove the IOC associated with the false positives.
- E. Modify policy rules to exclude the false positive directory.
- F. Disable/remove the report associated with the false positives.
Answer: C,D,F
NEW QUESTION 75
Refer to the exhibit:
Which two logic statements correctly explain filtering within the UI? (Choose two.)
- A. Filtering between fields is a logical OR
- B. Filtering between fields is a logical XOR
- C. Filtering within the same field is a logical OR
- D. Filtering between fields is a logical AND
- E. Filtering within the same field is a logical AND
Answer: A,B
NEW QUESTION 76
An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe.
Given this Enterprise EDR query:
process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?
- A. NOT process_company_name:cmd.exe
- B. NOT process_name:cmd.exe
- C. NOT process_internal_name:cmd.exe
- D. NOT process_original_filename:cmd.exe
Answer: B
NEW QUESTION 77
An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?
- A. 3-5 days
- B. 1 day
- C. 30 days
- D. 180 days
Answer: C
NEW QUESTION 78
What is the maximum number of binaries (hashes) that can be banned using the web console?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 79
Which two statements are true about Carbon Black alerts? (Choose two.)
- A. Carbon Black does not generate alerts.
- B. Once received, it can be dismissed in bulk.
- C. Once dismissed, the action cannot be undone.
- D. They can be grouped together.
- E. They are stored for 15 days.
Answer: A,E
NEW QUESTION 80
What is the meaning, if any, of the event Report write (removable media)?
- A. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.
- B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.
- C. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.
- D. This event would never occur. App Control does not report activity on removable media.
Answer: A

