VMware 5V0-91.20 Exam Practice Test Instant Access

Question 1

An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.

Once applied, which reputation would these applications be classified under for processing?

ATrusted White

BCompany White

CLocal White

DCommon White

Answer : A

Question 2

Refer to the exhibit:

Which statement is true in regards to communication between the sensor and server?

AThe sensor must be able to resolve the name cb.yourcompany.com.

BThe server must have an entry in the host file for cb.yourcompany.com.

CThe communication is unencrypted.

DThe sensor will communicate on a non-default port.

Answer : C

Question 3

There is a requirement to block ransomware when a sensor is offline.

Which blocking and isolation rule fulfills this requirement?

AKnown Malware ---> Performs ransomware-like behavior ---> Terminate process

BNot Listed Application ---> Performs ransomware-like behavior ---> Deny operation

CSuspect Malware ---> Performs ransomware-like behavior ---> Deny operation

DUnknown Application ---> Performs ransomware-like behavior ---> Terminate process

Answer : A

Question 4

A process is writing numerous interesting files that never actually execute.

Which rule type can the administrator define that will prevent reporting these file creations?

APerformance Optimization

BFile Creation Control (Suppress)

CExpert (Tag Process, Terminate Process)

DExecute Ignore

Answer : A

Question 5

An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.

Which three actions are available to take on the alert? (Choose three.)

AIgnore alert

BDismiss

CDismiss on all devices if grouping is enabled

DEdit watchlist

ESave report

FNotifications history

Answer : B, C, E

Alerts/ta-p/51766

Question 6

Review the following EDR query:

(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[l TO *]

Which process would show in the query results?

AProcesses invoked by Powershell.exe and cmd.exe with a single network connection event

BProcesses invoking Powershell.exe and cmd.exe with multiple network connection events

CProcesses invoked by Powershell.exe or cmd.exe with any number of network connection events

DProcesses invoking Powershell.exe or cmd.exe with multiple network connection events

Answer : A

Question 7

An authorized administrator plans to remove the App Control agent from a computer.

Which Enforcement Level must a computer be in before the agent can be uninstalled?

AVisibility

BNone (Disabled)

CAny Enforcement Level

DLow Enforcement

Answer : C

VMware 5V0-91.20 VMware Carbon Black Portfolio Skills Exam Practice Test