VMware 5V0-91.20 Exam Questions Instant Access

Question 1

When dismissing alerts, when should an administrator select "If alert occurs in the future, automatically dismiss it from all devices"?

AWhen the administrator wishes to mark the alert instance as a false positive

BWhen the administrator wishes to be notified again to this behavior

CWhen the administrator wishes to apply this action to all future alerts from the device

DWhen the administrator wishes to remove the alert

Answer : C

Question 2

There is a requirement to block ransomware when a sensor is offline.

Which blocking and isolation rule fulfills this requirement?

AKnown Malware ---> Performs ransomware-like behavior ---> Terminate process

BNot Listed Application ---> Performs ransomware-like behavior ---> Deny operation

CSuspect Malware ---> Performs ransomware-like behavior ---> Deny operation

DUnknown Application ---> Performs ransomware-like behavior ---> Terminate process

Answer : A

Question 3

Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?

ACloud Reputation (Initial)

BEffective Reputation

CLocal Reputation

DCloud Reputation (Current)

Answer : A

Question 4

What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)

ABy pushing the designated GPO script

BVia DASCLI command

CBy installing the agent via SCCM

DManual policy assignment

EBy branded/policy-specific installer

FBy Active Directory Mapping

Answer : C, D, F

Question 5

A watchlist generates a false positive on the Triage Alerts page, so the watchlist must be updated.

How should this task be accomplished?

AOne can update watchlists directly on the Triage Alerts Page using the pencil icon.

BOne can update watchlists from the Process Search Page.

COpen the process analysis page and select the Add Watchlist Exclusion option from the Actions menu.

DOpen the Watchlist Page and click the pencil button associated with the watchlist.

Answer : A

Question 6

After an emergency, what does the Restore computer button do on the App Control Home page?

AMove all computers to the original Enforcement level

BMove all computers to High Enforcement level

CMove all computers to Low Enforcement level

DMove all computers to Medium Enforcement level

Answer : A

Question 7

Which identifier is shared by all events when an alert is investigated?

AProcess ID

BEvent ID

CPriority Score

DAlert ID

Answer : B

VMware Carbon Black Portfolio Skills 5V0-91.20 Exam Questions