5V0-91.20 Online Practice Questions and Answers

What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)

A. By pushing the designated GPO script

B. Via DASCLI command

C. By installing the agent via SCCM

D. Manual policy assignment

E. By branded/policy-specific installer

F. By Active Directory Mapping

An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:

parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.

Which search field can be added to the query to show the desired results?

A. process_integrity_level

B. process_reputation

C. process_privileges

D. process_cloud_reputation

What is the meaning, if any, of the event Report write (removable media)?

A. This event would never occur. App Control does not report activity on removable media.

B. A Policy's device control setting `Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.

C. A Policy's device control setting `Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.

D. A Policy's device control setting `Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.

An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool.

Which other trust mechanism could the organization configure for large-scale approval of these files?

A. Windows Update

B. Trusted Distributor

C. Local Approval Mode

D. Rapid Config

Which two statements are true about Carbon Black alerts? (Choose two.)

A. They can be grouped together.

B. Once received, it can be dismissed in bulk.

C. Once dismissed, the action cannot be undone.

D. Carbon Black does not generate alerts.

E. They are stored for 15 days.

Which identifier is shared by all events when an alert is investigated?

A. Process ID

B. Event ID

C. Priority Score

D. Alert ID

An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.

Which rule will kill notepad.exe entirely if this activity is detected in the future?

A. **\system32\notepad.exe --> Communicates over the network --> Terminate process

B. **\system32\notepad.exe --> Runs or is Running --> Deny operation

C. **/system32/notepad.exe --> Runs or is Running --> Terminate process

D. **/system32/notepad.exe--> Communicates over the network --> Deny operation

Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VM's)?

A. The endpoint housing the agent template must always be on/running except when updating the image.

B. The gold image housing the agent template must be digitally signed to ensure the integrity of the agent cache.

C. The endpoint housing the agent template must always be off except when updating the image.

D. The agent running on the template machine must not be initialized before deploying clones.

A Carbon Black Cloud Endpoint Standard analyst is testing different search operator combinations. Which two queries produce the same result? (Choose two.)

A. process_name:chrome.exe OR NOT netconn_domain:google.com

B. process_name:chrome.exe OR netconn_domain:google.com

C. process_name:chrome.exe AND NOT netconn_domain:google.com

D. process_name:chrome.exe netconn_domain:google.com

E. process_narne:chrome.exe NOT netconn_domain:google.com

An administrator viewed and filtered the results of a completed query within the User Interface for Audit and Remediation. The administrator exported the results to create charts and other visuals for reporting. When viewing the exported results, the administrator noticed some results were missing from the data set.

Why did the administrator not have the full data set from the query?

A. Export applies to the data visible in the UI; filtering will impact the viewable data.

B. Export pulls all results; the query must not have covered all data required.

C. Export is limited to the first hundred rows, and the query had more rows than supported.

D. Export was used prior to the query completing, and some data is missing.