Free VMware Carbon Black Cloud Endpoint Standard Skills Exam 5V0-93.22 Exam Practice Test

An administrator notices that a sensor's local AV signatures are out-of-date. What effect does this have on newly discovered files?

• The reputation is determined by cloud reputation.
• The sensor prompts the end user to allow or deny the file.
• The sensor automatically blocks the new file.
• The sensor is unable to block a malicious file.

An organization is implementing policy rules. The administrator mentions that one operation attempt must use a Terminate Process action.Which operation attempt has this requirement?

• Performs ransom ware-like behavior
• Runs or is running
• Scrapes memory of another process D Invokes a command interpreter

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.Which rule should be used?

• [Unknown application] [Retrieves credentials] [Terminate process]
• [**/*.exe] [Scrapes memory of another process] [Terminate process]
• [**\lsass.exe] [Scrapes memory of another process] [Deny operation]
• [Not listed application] [Scrapes memory of another process] [Terminate process]

An administrator wants to prevent a spreadsheet from being misused to run malicious code, while minimizing the risk of breaking normal operations of a spreadsheet.Which rule should be used?

• **\Microsoft Office\** [Runs external code] [Terminate process]
• **\excel.exe [Invokes a command interpreter] [Deny operation]
• **/Microsoft Excel.app/** [Communicates over the network] [Terminate process]
• **\excel.exe [Runs malware] [Deny operation]

Which command is used to immediately terminate a current Live Response session?

• kill
• detach -q
• delete
• execfg

An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.Which rule should be used?

• [Adware or PUP] [Scrapes memory of another process] [Deny operation]
• [Not listed application] [Performs ransomware-like behavior] [Terminate process
• [Unknown malware] [Runs or is running] [Terminate process]
• [Not listed application] [Runs or is running] [Terminate process]

An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

• Delay execute for cloud scan
• Allow user to disable protection
• Submit unknown binaries for analysis
• Expedited background scan
• Scan execute on network drives
• Require code to uninstall sensor

A user downloaded and executed malware on a system. The malware is actively exfiltrating data. Which immediate action is recommended to prevent further exfiltration?

• Check Security Advisories and Threat Research contents.
• Place the device in quarantine.
• Run a background scan.
• Request upload of the file for analysis.

The administrator has configured a permission rule with the following options selected: Application at path: C:\Users\*\Downloads\**Operation Attempt: Performs any operation Action: BypassWhat is the impact, if any, of using the wildcards in the path for this rule?

• Any executable in the downloads directory for any user on the system will be logged and allowed to execute.
• No files will be ignored from the downloads directory.
• Any executable in the downloads directory for any user on the system will be bypassed for inspection.
• Any executable in the downloads directory will be prevented from executing.

An administrator has determined that the following rule was the cause for an unexpected block:[Suspected malware] [Invokes a command interpreter] [Terminate process] All reputations for the process which was blocked show SUSPECT_MALWARE.Which reputation was used by the sensor for the decision to terminate the process?

• Initial Cloud reputation
• Actioned reputation
• Current Cloud reputation
• Effective reputation