An administrator needs to fully analyze the relevant information of an event stored in the VMware Carbon Black Cloud.

On which page can this information be found?

A.

Enforce

B.

Investigate

C.

Live Query

D.

Inventory

Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?

A.

"Threat" indicates an ongoing attack. "Observed" indicates the attack is over and is being watched.

B.

"Threat" indicates a more likely malicious event. "Observed" are less likely to be malicious.

C.

"Threat" indicates a block (Deny or Terminate) has occurred. "Observed" indicates that there is no block.

D.

"Threat" indicates that no block (Deny or Terminate) has occurred. "Observed" indicates a block.

An organization is seeing a new malicious process that has not been seen before.

Which tool can be used to block this process?

A.

Policy rules

B.

Malware Removal

C.

Certificate banned list

D.

Live Response

A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.

Which action should be taken to prevent the file from executing?

A.

Add the hash to the MALWARE list.

B.

Use Live Response to kill the process.

C.

Use Live Response to delete the file.

D.

Add the hash to the company banned list.

Which VMware Carbon Black Cloud process is responsible for uploading event reporting to VMware Carbon Black Cloud?

A.

Sensor Service (RepUx

B.

Scanner Service (scanhost)

C.

Scanner Service (Re

D.

Sensor Service (RepMqr

An administrator wants to be notified when particular Tactics, Techniques, or Procedures (TTPs) are observed on a managed endpoint.

Which notification option must the administrator configure to receive this notification?

A.

Alert that crosses a threshold with the "observed" option selected

B.

Alert that includes specific TTPs

C.

Alert for a Watchlist hit

D.

Policy action that is enforced with the "deny" option selected

An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.

How can this information be obtained?

A.

Search the data using the test rule functionality.

B.

Examine log files to see what would be impacted.

C.

Put the rules in and see what happens to the endpoints.

D.

Determine what would happen based on previously used antivirus software.

A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.

Which components can be checked to further inspect the cause of the alert?

A.

Command lines, Device ID, and priority score

B.

Event details, command lines, and TTPs involved

C.

TTPs involved, network connections, and child path

D.

Priority score, file reputation, and timestamp

Which statement is true regarding Blocking/Isolation rules and Permission rules?

A.

Blocking & Isolation rules are overridden by Upload Rules.

B.

Permission Rules are overridden by Blocking & Isolation rules.

C.

Upload Rules are overridden by Blocking & Isolation rules.

D.

Blocking & Isolation rules are overridden by Permission Rules.

A script-based attack has been identified that inflicted damage to the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

A.

Endpoints

B.

Settings

C.

Investigate

D.

Alerts