An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe.
Given this Enterprise EDR query:
process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?
Answer : A
Which statement is true about Carbon Black Live Response (CBLR)?
Answer : B
Which reputation is processed with the lowest priority for Endpoint Standard?
Answer : B
What does the Aggressive setting do when configured in Local Scan Settings?
Answer : C
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:
Which statement accurately characterizes this situation?
Answer : D
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
Answer : D
Bypass-has-been-Enabled-on-the/ta-p/74905
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
Answer : A, C
Tamper-Protection/ta-p/37220