最新的VMware Security Solutions認證 5V0-93.22考試題庫

問題1

An administrator is investigating an alert and reads a summary that says:
The application powershell.exe was leveraged to make a potentially malicious network connection.
Which action should the administrator take immediately to block that connection?

A. Click Quarantine Asset

B. Click Delete Application

C. Click Drop Connection

D. Click Export Alert

正確答案: C

說明：（僅 VCESoft 成員可見）

問題2

An organization has the following requirements for allowing application.exe:
Must not work for any user's D:\ drive
Must allow running only from inside of the user's Temp\Allowed directory Must not allow running from anywhere outside of Temp\Allowed For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.
Which path meets this criteria using wildcards?

A. C:\Users\?\Temp\Allowed\application.exe

B. *:\Users\*\Temp\Allowed\application.exe

C. C:\Users\*\Temp\Allowed\application.exe

D. *:\Users\**\Temp\Allowed\application.exe

正確答案: D

說明：（僅 VCESoft 成員可見）

問題3

An administrator wants to find information about real-world prevention rules that can be used in VMware Carbon Black Cloud Endpoint Standard.
How can the administrator obtain this information?

A. Refer to an external report from other security vendors to obtain solutions.

B. Refer to VMware Carbon Black Cloud user guide.

C. Refer to the TAU-TIN's on the VMware Carbon Black community page.

D. Refer to the VMware Carbon Black Cloud sensor install guide.

正確答案: C

說明：（僅 VCESoft 成員可見）

問題4

The administrator has configured a permission rule with the following options selected:
Application at path: C:\Users\*\Downloads\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path for this rule?

A. Any executable in the downloads directory will be prevented from executing.

B. Any executable in the downloads directory for any user on the system will be bypassed for inspection.

C. No files will be ignored from the downloads directory.

D. Any executable in the downloads directory for any user on the system will be logged and allowed to execute.

正確答案: B

說明：（僅 VCESoft 成員可見）

問題5

An administrator has just placed an endpoint into bypass.
What type of protection, if any, will VMware Carbon Black provide this device?

A. VMware Carbon Black will apply policy rules.

B. VMware Carbon Black will be uninstalled from the endpoint.

C. VMware Carbon Black will place the machine in quarantine.

D. VMware Carbon Black will not provide any protection to the endpoint.

正確答案: D

說明：（僅 VCESoft 成員可見）

問題6

A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.
Which action should be taken to prevent the file from executing?

A. Use Live Response to kill the process.

B. Add the hash to the MALWARE list.

C. Use Live Response to delete the file.

D. Add the hash to the company banned list.

正確答案: D

說明：（僅 VCESoft 成員可見）

問題7

Is it possible to search for unsigned files in the console?

A. Yes, by using the search:
NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED

B. Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.

C. Yes, by using the search:
process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED

D. No, it is not possible to return a query for unsigned files.

正確答案: A

說明：（僅 VCESoft 成員可見）

最新的VMware Carbon Black Cloud Endpoint Standard Skills - 5V0-93.22免費考試真題

最新更新

站內鏈接

聯系我們