[2021] Use Valid New Free 5V0-91.20 Exam Dumps & Answers
5V0-91.20 Braindumps PDF, VMware 5V0-91.20 Exam Cram
Who should take the VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam
The VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam credential is a globally recognized certification that helps to validate all practitioners who choose to create a career in VmWare UEM. VMware Workspace ONE Unified Endpoint Management Specialist 2019 assesses the candidate’s fundamental expertise and demonstrated know-how in VMware Workspace ONE Unified Endpoint Management 2019. In order to seek a strong increase in job development, an applicant requires improved experience, expertise and talents. The VMware 5V0-91.20: VMware Carbon Black Portfolio Qualification proves that specialized experience and ability such as UEM integration, how UEM Workspace Endpoints can be resolved and so on.
NEW QUESTION 20
Why would a sensor have a status of "Inactive"?
- A. The sensor has been uninstalled from the endpoint for more than 30 days.
- B. The device has been put in bypass for the last 30 days.
- C. The sensor has been in disabled mode for more than 30 days.
- D. The sensor has not checked in within the last 30 days.
Answer: D
NEW QUESTION 21
Which two statements are true regarding Live Response? (Choose two.)
- A. Live Response requires both view and manage permissions to use.
- B. Live Response supports one user per session on an endpoint.
- C. Live Response opens an SSH session with the remote device.
- D. Live Response utilizes the same channel for sensor-server communications.
- E. Live Response can only be initiated through the user interface.
Answer: D,E
NEW QUESTION 22
An administrator wants to query the status of the firewall for all endpoints. The administrator will query the registry key found here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\StandardProfile.
To make the results easier to understand, the administrator wants to return either enabled or disabled for the results, rather than the value from the registry key.
Which SQL statement will rewrite the output based on a specific result set returned from the system?
- A. AS
- B. SELECT
- C. ALTER
- D. CASE
Answer: D
NEW QUESTION 23
A process wrote an executable file as detailed in the following event:
Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?
- A. File Creation Control
- B. Trusted Publisher
- C. Advances (Write-Ignore)
- D. Trusted Path
Answer: A
NEW QUESTION 24
Which Live Query statement is properly constructed?
- A. select * from *:
- B. SELECT * FROM users;
- C. select from users;
- D. SELECT * FROM 'users'
Answer: B
NEW QUESTION 25
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
- A. Threat ID
- B. Alert ID
- C. Process ID
- D. Event ID
Answer: D
NEW QUESTION 26
Which reputation has the highest priority in Cloud Endpoint Standard?
- A. Known Malware
- B. Ignore
- C. Unknown
- D. Adware/PUP Malware
Answer: A
NEW QUESTION 27
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.
Which rule will kill notepad.exe entirely if this activity is detected in the future?
- A. **/system32/notepad.exe--> Communicates over the network --> Deny operation
- B. **\system32\notepad.exe --> Runs or is Running --> Deny operation
- C. **/system32/notepad.exe --> Runs or is Running --> Terminate process
- D. **\system32\notepad.exe --> Communicates over the network --> Terminate process
Answer: C
NEW QUESTION 28
What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)
- A. By pushing the designated GPO script
- B. By Active Directory Mapping
- C. By branded/policy-specific installer
- D. Manual policy assignment
- E. By installing the agent via SCCM
- F. Via DASCLI command
Answer: B,D,E
NEW QUESTION 29
An authorized administrator plans to remove the App Control agent from a computer.
Which Enforcement Level must a computer be in before the agent can be uninstalled?
- A. Visibility
- B. Low Enforcement
- C. None (Disabled)
- D. Any Enforcement Level
Answer: D
NEW QUESTION 30
An administrator uses the following Enterprise EDR search query to show web browsers spawning nonbrowser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe) Which field can be added to this query to filter the results by signature status?
- A. childproc_reputation
- B. process_publisher_state
- C. childproc_publisher_state
- D. process_publisher
Answer: A
NEW QUESTION 31
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?
- A. Execute Ignore
- B. Expert (Tag Process, Terminate Process)
- C. Performance Optimization
- D. File Creation Control (Suppress)
Answer: C
NEW QUESTION 32
An administrator wants to find instances where the binary Is unsigned.
Which term will accomplish this search?
- A. process_publisher:FILE_SIGNATURE_STATE_NOT_SIGNED
- B. process_publisher_state:FILE_SIGNATURE_STATE_NOT_SIGNED
- C. NOT process_publisher:FILE_SIGNATURE_STATE_SIGNED
- D. NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
Answer: D
NEW QUESTION 33
An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following:
What is the status of the WINDOWS-CLIENT agent?
- A. Disconnected and Up to date
- B. Connected and Up to date
- C. Connected but unsupported
- D. Connected but health check failed
Answer: A
NEW QUESTION 34
Refer to the exhibit:
Which statement is true in regards to communication between the sensor and server?
- A. The communication is unencrypted.
- B. The sensor will communicate on a non-default port.
- C. The server must have an entry in the host file for cb.yourcompany.com.
- D. The sensor must be able to resolve the name cb.yourcompany.com.
Answer: A
NEW QUESTION 35
Which identifier is shared by all events when an alert is investigated?
- A. Priority Score
- B. Alert ID
- C. Process ID
- D. Event ID
Answer: D
NEW QUESTION 36
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.
Which search field can be added to the query to show the desired results?
- A. process_integrity_level
- B. process_privileges
- C. process_cloud_reputation
- D. process_reputation
Answer: D
NEW QUESTION 37
An administrator is creating a query per policy for Audit and Remediation. The administrator ran several recommended queries already but notices they are unable to run the same recommended query for one of their policies. The run button is grayed out.
Which statement correctly explains why the run button is unavailable?
- A. The number of consecutive running queries is limited.
- B. The administrator needs the use live query permission.
- C. The query or table is not supported within osquery.
- D. The sensors in the policy do not support the table or query.
Answer: B
NEW QUESTION 38
An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to disable (Ignore) the old Threat Intelligence Report.
Where in the UI is this action not possible to perform?
- A. Search Threat Reports Page
- B. Triage Alerts Page
- C. Threat Report Page
- D. Threat Intelligence Feeds Page
Answer: D
NEW QUESTION 39
......
VMware 5V0-91.20 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
Feel VMware 5V0-91.20 Dumps PDF Will likely be The best Option: https://testking.exams-boost.com/5V0-91.20-valid-materials.html