An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.
Once applied, which reputation would these applications be classified under for processing?
Answer : A
Refer to the exhibit:
Which statement is true in regards to communication between the sensor and server?
Answer : C
There is a requirement to block ransomware when a sensor is offline.
Which blocking and isolation rule fulfills this requirement?
Answer : A
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?
Answer : A
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)
Answer : B, C, E
Alerts/ta-p/51766
Review the following EDR query:
(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[l TO *]
Which process would show in the query results?
Answer : A
An authorized administrator plans to remove the App Control agent from a computer.
Which Enforcement Level must a computer be in before the agent can be uninstalled?
Answer : C