Free VMware Carbon Black Portfolio Skills Exam 5V0-91.20 Exam Practice Test

An analyst wants to block an application's specific behavior but does not want to kill the process entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity.Which Blocking and Isolation Action should the analyst use to accomplish this goal?

• Log Operation
• Deny Operation
• Terminate Process
• Block Process

Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VM's)?

• The endpoint housing the agent template must always be on/running except when updating the image.
• The gold image housing the agent template must be digitally signed to ensure the integrity of the agent cache.
• The endpoint housing the agent template must always be off except when updating the image.
• The agent running on the template machine must not be initialized before deploying clones.

At which three frequencies may a Carbon Black Audit and Remediation administrator schedule the run of Live Queries? (Choose three.)

• Monthly
• Daily
• Bi-Weekly
• Weekly
• Hourly
• Any frequency

Which statement is true about Carbon Black Live Response (CBLR)?

• CBLR sessions do not need to wait for the next sensor check-in.
• CBLR is disabled by default.
• CBLR is only available on Windows Endpoints.
• CBLR cannot be accessed through the API.

Examine the following EDR query:file_desc:''Windows Command Processor'' AND -process_name:cmd.exeWhich process will show in the query results?

• Any process named something other than cmd.exe with the file description of ''Windows Command Processor''
• Any process with the binary file description ''Windows Command Processor''
• Any process with the binary file description ''Windows Command Processor'' named cmd.exe
• Any process named cmd.exe

Which Live Query statement is properly constructed?

• SELECT * FROM 'users'
• select * from *:
• select from users;
• SELECT * FROM users;

Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.What is the initial inventory procedure called, and how can this process be triggered?

• Inventorying; enable Discovery mode
• Baselining; install the agent
• Discovery; place agent into Disabled mode
• Initialization; move agent out of Disabled mode

Which list below captures all Enforcement Levels for App Control policies?

• Critical, Lockdown, Monitored, Tracking, Banning
• High Enforcement, Medium Enforcement, Low Enforcement
• High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
• Control, Local Approval, Disabled

An administrator needs to check configurations using Audit across several policies and locations within the organization.How can the administrator run the query to only these specific devices?

• Specify endpoints on the query by selecting the check box for each device.
• Specify endpoints on the query by typing the sensor name into the text box, selecting the device. Repeat as necessary for all devices.
• Specify the policy for the endpoints on the query, and then select the check box for each device.
• Specify the policy for the endpoints on the query, and then type the sensor name into the text box, selecting the devices. Repeat as necessary for all devices.

Which statement is true when searching through the EDR server UI?

• The backslash \ is the character to escape characters.
• Whitespaces between search terms imply the OR operator.
• The percent symbol % is the character to represent a wildcard.
• The exclamation point ! is the character to represent negation.