Free VMware Carbon Black Cloud Endpoint Standard Skills Exam 5V0-93.22 Exam Practice Test

An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.Which rule should be used?

• [Adware or PUP] [Scrapes memory of another process] [Deny operation]
• [Not listed application] [Performs ransomware-like behavior] [Terminate process
• [Unknown malware] [Runs or is running] [Terminate process]
• [Not listed application] [Runs or is running] [Terminate process]

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:Go to Enforce > Policies > Select the desired policy >Which additional steps must be taken to complete the task?

• Click Enforce > Add application path name
• Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application
• Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation
• Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

An administrator needs to make sure all files are scanned locally upon execution. Which setting is necessary to complete this task?

• On-Access File Scan Mode must be set to Aggressive.
• Signature Update frequency must be set to 2 hours.
• Allow Signature Updates must be enabled.
• Run Background Scan must be set to Expedited.

The administrator has configured a permission rule with the following options selected: Application at path: C:\Users\*\Downloads\**Operation Attempt: Performs any operation Action: BypassWhat is the impact, if any, of using the wildcards in the path for this rule?

• Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
• No files will be ignored from the downloads directory.
• Any executable in the downloads directory for any user on the system will be bypassed for inspection.
• Any executable in the downloads directory will be prevented from executing.

The VMware Carbon Black Cloud Sensor is not able to establish connectivity to the VMware Carbon Black Cloud Content Management URL over the standard SSL port TCP/443.Which port, if any, will be the tailback?

• TCP/54443
• TCP/80
• TCP/8443
• It will not fallback and fail.

What is a capability of VMware Carbon Black Cloud?

• Continuous and decentralized recording
• Attack chain visualization and search
• Real-time view of attackers
• Automation via closed SOAP APIs

Which command is used to immediately terminate a current Live Response session?

• kill
• detach -q
• delete
• execfg

An administrator needs to create a search, but it must exclude "system.exe". How should this task be completed?

• #process_name:system.exe
• *process_name:system.exe
• -process_name:system.exe

An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.How can this information be obtained?

• Search the data using the test rule functionality. B Examine log files to see what would be impacted
• Put the rules in and see what happens to the endpoints.
• D Determine what would happen based on previously used antivirus software

A recent application has been blocked using hash ban, which is an indicator that some users attempted an unexpected activity. Even though the activity was blocked, the security administrator wants to further investigate the attempt in VMware Carbon Black Cloud Endpoint Standard.Which page should the administrator navigate to for a graphical view of the event?

• Audit Log
• Watchlists
• Process Analysis
• Alert Triage