Page: 1
/ 14
Total 116 questions
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?
Answer : C
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?
Answer : A
An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The
analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
Answer : C
Which identifier is shared by all events when an alert is investigated?
Answer : B
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?
Answer : A