An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?
A. 180 days
B. 30 days
C. 3-5 days
D. 1 day
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.
Which search field can be added to the query to show the desired results?
A. process_integrity_level
B. process_reputation
C. process_privileges
D. process_cloud_reputation
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
A. Threat ID
B. Process ID
C. Alert ID
D. Event ID
What is the meaning, if any, of the event Report write (removable media)?
A. This event would never occur. App Control does not report activity on removable media.
B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.
C. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.
D. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.
When executing a program in App Control, the notification message informs the user that the file is not approved with an option to request approval.
Which Enforcement level is currently enacted?
A. High
B. Low
C. Medium
D. Default
An alert for a device running a proprietary application is tied to a vital business operation. Which action is appropriate to take?
A. Add the application to the Approved List.
B. Terminate the process.
C. Deny the operation.
D. Quarantine the device.
An analyst is investigating an alert within Enterprise EDR. The alert is tied to an unusual process name. When navigating to the binary details page, for the binary used in the alert, the analyst sees the following:
The analyst wants to find any instances of this process executing regardless of the process name used.
Which two details from the binary can be used to search for the application regardless of the seen name? (Choose two.)
A. The binary's hash
B. The path
C. The original filename
D. The product version
E. The publisher name
Which reputation has the highest priority in Cloud Endpoint Standard?
A. Unknown
B. Adware/PUP Malware
C. Known Malware
D. Ignore
An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?
A. Suspect/Heuristic Malware
B. Company Black
C. Adware/PUP Malware
D. Known Malware
An administrator is interested in upgrading endpoints to the latest release in VMware Carbon Black App Control (V8.1.4+).
What is the first step to make a new agent available for installation or upgrade?
A. Download from the Carbon Black Cloud Back End
B. Download from the Carbon Black App Control Server
C. Download from the Carbon Black User Exchange
D. Download from the Carbon Black Software Reputation Service (SRS)