5V0-91.20 VMware Carbon Black Portfolio Skills Exam Dumps
February 19,2021 02:54 AM
Latest VMware certification 5V0-91.20 exam dumps questions have been cracked, which are valuable for you to prepare the test. The VMware Carbon Black Portfolio Skills 5V0-91.20 exam validates your knowledge on how to use the capabilities of the products according to the organization’s security posture and organizational policies. To prepare VMware 5V0-91.20 exam well, the following VMware Carbon Black Portfolio Skills 5V0-91.20 exam information is helpful in the preparation.
About VMware 5V0-91.20 Exam
Number of Questions: 60
Duration: 150
Passing Score: 300
Format: Single and Multiple Choice, Proctored
Exam Language: English
VMware 5V0-91.20 Exam Objectives
VMware Carbon Black Portfolio Skills 5V0-91.20 exam objectives cover the following sections.
Section 1 Introduction
Section 2 VMware Products and Solutions
Section 3 VMware Carbon Black EDR
Section 4 VMware Carbon Black Cloud Endpoint Standard
Section 5 VMware Carbon Black Cloud Endpoint EDR
Section 6 VMware Carbon Black Cloud Audit and Remediation
Practice VMware 5V0-91.20 Exam Dumps
VMware 5V0-91.20 exam dumps can help you test the above objectives. Share some VMware Carbon Black Portfolio Skills 5V0-91.20 exam dumps questions below.
1.How is a new Alert of type Event Alert created whenever an endpoint is added or deleted and send emails for the App Control admin whenever these events occur?
A. Add filter in Event Properties for Subtype Computer added and Computer deleted. Click Create and add the App Control admin email, and then click Create & Exit.
B. Add filter in Event Properties for Subtype Endpoint added and Endpoint deleted. Click Create and add the App Control admin email, and then click Create &. Exit.
C. Add filter in Event Properties for Subtype Computer modified. Add the App Control admin email, and then click Create & Exit.
D. Add filter in Event Properties for Subtype Computer added and Computer deleted. Add the App Control admin email, and then click Create & Exit.
Answer: C
2.Review the following EDR query:
parent_name:outlook.exe AND -alliance_score_srstrust:* AND -digsig_result: "Signed' Which process
would show in the query results?
A. Processes invoking outlook.exe that have an SRS Trust value and that are not digitally signed.
B. Processes invoked by outlook.exe that do not have an SRS Trust value and that are not digitally signed.
C. Processes invoked by outlook.exe that have an SRS Trust value and that are digitally signed.
D. Processes invoking outlook.exe that do not have an SRS Trust value and that are not digitally signed.
Answer: A
3.How long will Live Queries in Carbon Black Audit and Remediation run before timing out?
A. 14 days
B. 180 days
C. 30 days
D. 7 days
Answer: D
4.An administrator runs the following query in Audit and Remediation:
SELECT *
FROM users
WHERE UID >= 500;
How long will this query stay active and accept data from the sensors?
A. 30 days
B. 14 days
C. 1 day
D. 7 days
Answer: A
5. A watchlist generates a false positive on the Triage Alerts page, so the watchlist must be updated. How should this task be accomplished?
A. One can update watchlists from the Process Search Page.
B. One can update watchlists directly on the Triage Alerts Page using the pencil icon.
C. Open the Watchlist Page and click the pencil button associated with the watchlist.
D. Open the process analysis page and select the Add Watchlist Exclusion option from the Actions menu.
Answer: B
5V0-91.20 Exam Dumps PDF & SOFT | 1 Year Free Update | Money Back Guarantee