VMware Carbon Black Portfolio Skills 5V0-91.20 Exam Practice Test

Page: 1 / 14
Total 116 questions
Question 1

Review the following EDR query:

(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[1 TO *]

Which process would show in the query results?



Answer : A


Question 2

An administrator viewed and filtered the results of a completed query within the User Interface for Audit and Remediation. The administrator exported the results to create charts and other visuals for reporting. When viewing the exported results, the administrator noticed some results were missing from the data set.

Why did the administrator not have the full data set from the query?



Answer : D


Question 3

An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process:

How can the administrator generate an alert for future hits against this watchlist?



Answer : D


Question 4

An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.

Which three actions are available to take on the alert? (Choose three.)



Answer : B, C, E



Question 5

Which Live Query statement is properly constructed?



Answer : D


Question 6

Which strategy should be used to purge inactive bans from the web console?



Answer : C


Question 7

An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:

Which statement accurately characterizes this situation?



Answer : B

