An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following: Which statement accurately characterizes this situation?
Examine the following EDR query:
file_desc:`Windows Command Processor` AND -process_name:cmd.exe
Which process will show in the query results?
Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed. What is the initial inventory procedure called, and how can this process be triggered?
This search is entered into the process search page:
notepad.exe
Which three statements about this query are true? (Choose three.)
A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems). Which Enforcement Level is the most fitting?
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address. Which rule will kill notepad.exe entirely if this activity is detected in the future?