VMware 5V0-91.20 Exam Questions Instant Access

Question 1

An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.

How can the analyst change the alert severity value, if this is possible?

AThe alert severity is assigned by the backend analytics.

BThe alert severity is not configurable.

CChange the alert severity on the watchlist.

DChange the alert severity on the report.

Answer : C

Question 2

Why would a sensor have a status of "Inactive"?

AThe sensor has not checked in within the last 30 days.

BThe sensor has been uninstalled from the endpoint for more than 30 days.

CThe device has been put in bypass for the last 30 days.

DThe sensor has been in disabled mode for more than 30 days.

Answer : A

Question 3

The security operations group is complaining that they are getting multiple App Control alerts for specific malicious files after they have banned the file.

Which step is necessary to prevent future alerts on these files?

AEdit the Malicious File Detected Alert. Select the criteria: Ignore already banned files and Ignore already approved files.

BEdit the Malicious File Detected Alert. Select the criteria: Ignore already banned files.

CDisable the Reminder Mail.

DSet the Alert Status to Disabled.

Answer : C

Question 4

Which enforcement level does not block unapproved files but will block files that have been specifically banned?

AMedium Enforcement

BDisabled

CVisibility

DLow Enforcement
The protection level applied to computers running the App Control
Agent. A range of levels from High (Block Unapproved) to None
(Disabled) enable you to specify the level of file blocking required.

Answer : B

Question 5

An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following:

What is the status of the WINDOWS-CLIENT agent?

AConnected and Up to date

BDisconnected and Up to date

CConnected but unsupported

DConnected but health check failed

Answer : B

Question 6

A Carbon Black administrator received an alert for an untrusted hash executing in the environment.

Which two information items are found in the alert pane? (Choose two.)

ALaunch Live Query

BLaunch process analysis

CUser quarantine

DAdd hash to banned list

EIOC short name

Answer : A, B

Question 7

An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to disable (Ignore) the old Threat Intelligence Report.

Where in the UI is this action not possible to perform?

ASearch Threat Reports Page

BThreat Intelligence Feeds Page

CThreat Report Page

DTriage Alerts Page

Answer : B

VMware Carbon Black Portfolio Skills 5V0-91.20 Exam Questions