VMware 5V0-91.20 Exam Practice Test Instant Access

Question 1

Review the following search:

childproc_name:''rundll32.exe'' AND -digsig_result:''Signed'' AND path:c:\windows\*

What is this search looking for?

AProcesses being launched by rundll32.exe running out of the windows directory that are not signed

BInstances of rundll32.exe running out of the windows directory that are not signed

CInstances of rundll32.exe running out of the windows directory that are signed

DProcesses launching rundll32.exe running out of the windows directory that are not signed

Answer : A

Question 2

A company wants to implement the strictest security controls for computers on which the software seldom

changes (i.e., servers or single-purpose systems).

Which Enforcement Level is the most fitting?

ALow Enforcement

BMedium Enforcement

CHigh Enforcement

DNone (Visibility)

Answer : C

Question 3

This search is entered into the process search page: notepad.exe

Which three statements about this query are true? (Choose three.)

AOnly processes named notepad.exe will be returned.

BSince a field name is not selected, query performance will be impacted.

CA field identifier is required for all criteria within a process search.

DThe search will fail with an error.

EAll processes containing the text notepad.exe in any default field.

FProcesses with registry modifications containing notepad.exe would be retuned.

Answer : B, E, F

Question 4

Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.

What is the initial inventory procedure called, and how can this process be triggered?

AInventorying; enable Discovery mode

BBaselining; install the agent

CDiscovery; place agent into Disabled mode

DInitialization; move agent out of Disabled mode

Answer : A

Question 5

A security policy states to enable Live Response by default across the enterprise. However, the team identified critical systems which should not support Live Response due to risk. The team needs to disable Live Response on selected systems.

From which page can this goal be accomplished?

APolicy

BAPI Access

CEndpoints

DRoles

Answer : D

Question 6

Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?

AQuarantined

BDeregistered

CInactive

DBypass

Answer : D

Bypass-has-been-Enabled-on-the/ta-p/74905

Question 7

In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent

issues or removing the agent? (Choose two.)

AFrom the Computer Details page on the web console

BFrom the Files on Computers page on the web console

CRun authenticated DasCLI on Windows command prompt

DRun RepCLI on Windows command prompt

EFrom the File Catalog page on the web console

Answer : A, C

Tamper-Protection/ta-p/37220

VMware 5V0-91.20 VMware Carbon Black Portfolio Skills Exam Practice Test