VMware Carbon Black Portfolio Skills - 5V0-91.20 Exam Questions

QUESTION NO: 1
Review this EDR query:
childproc_name:whoami.exe AND childproc_name:hostname.exe AND childproc_name:tasklist.exe AND childproc_name:ipconfig.exe
Which process would show in the query results?
Correct Answer: D
QUESTION NO: 2
An analyst navigates to the alerts page in Endpoint Standard and sees the following:

What does the yellow color represent on the left side of the row?
Correct Answer: A
QUESTION NO: 3
Which two statements are true regarding Live Response? (Choose two.)
Correct Answer: B,C
QUESTION NO: 4
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.
Which rule will kill notepad.exe entirely if this activity is detected in the future?
Correct Answer: B
QUESTION NO: 5
A process has created a number of interesting (executable) files in one sequence.
In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?
Correct Answer: A
QUESTION NO: 6
After an emergency, what does the Restore computer button do on the App Control Home page?
Correct Answer: C
QUESTION NO: 7
Given the following query:
SELECT * FROM users WHERE UID >= 500;
Which statement is correct?
Correct Answer: D
QUESTION NO: 8
An administrator wants to find instances where the binary is unsigned.
Which term will accomplish this search?
Correct Answer: B
QUESTION NO: 9
This search is entered into the process search page: notepad.exe
Which three statements about this query are true? (Choose three.)
Correct Answer: A,C,E
QUESTION NO: 10
A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?
Correct Answer: C