Create Next App

Exam contains 52 questions

Page 3 of 9

Question 13 🔥

Review the following search:childproc_name:`rundll32.exe` AND -digsig_result:`Signed` AND path:c:\windows\*What is this search looking for?

Which database solution meets these requirements?

A. Processes being launched by rundll32.exe running out of the windows directory that are not signed

Highly voted

B. Instances of rundll32.exe running out of the windows directory that are not signed

Highly voted

C. Instances of rundll32.exe running out of the windows directory that are signed

Highly voted

D. Processes launching rundll32.exe running out of the windows directory that are not signed

Highly voted

Discussion of the question

Question 14 🔥

Which reputation is processed with the lowest priority for Endpoint Standard?

Which database solution meets these requirements?

A. Local White

Highly voted

B. Known Malware

Highly voted

C. Trusted White

Highly voted

D. Common White

Highly voted

Discussion of the question

Question 15 🔥

Which statement is true about Carbon Black Live Response (CBLR)?

Which database solution meets these requirements?

B. CBLR is disabled by default.

Highly voted

A. CBLR sessions do not need to wait for the next sensor check-in.

Highly voted

C. CBLR is only available on Windows Endpoints.

Highly voted

D. CBLR cannot be accessed through the API.

Highly voted

Discussion of the question

Question 16 🔥

Management has directed that the SOC team be enabled to create global file bans via the App Control API.How would this be configured in the App Control Console?

Which database solution meets these requirements?

A. Create a Role, map to corresponding SOC group, and add permission ג€Manage filesג€ to Role.

Highly voted

B. Add permission ג€Manage filesג€ and create an API token for each SOC user.

Highly voted

C. Create a Role, map to the corresponding SOC group, add permission ג€Manage filesג€, and create API token for the Role.

Highly voted

D. Create a Role, map it to the corresponding SOC group, add permission ג€Manage filesג€ to Role, and create an API token for each user in group.

Highly voted

Discussion of the question

Question 17 🔥

An administrator is creating a query per policy for Audit and Remediation. The administrator ran several recommended queries already but notices they are unable to run the same recommended query for one of their policies. The run button is grayed out.Which statement correctly explains why the run button is unavailable?

Which database solution meets these requirements?

A. The sensors in the policy do not support the table or query.

Highly voted

B. The administrator needs the use live query permission.

Highly voted

C. The number of consecutive running queries is limited.

Highly voted

D. The query or table is not supported within osquery.

Highly voted

Discussion of the question

Question 18 🔥

An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.Which rule will kill notepad.exe entirely if this activity is detected in the future?

Which database solution meets these requirements?

A. **\system32\notepad.exe --> Communicates over the network --> Terminate process

Highly voted

B. **\system32\notepad.exe --> Runs or is Running --> Deny operation

Highly voted

C. **/system32/notepad.exe --> Runs or is Running --> Terminate process

Highly voted

D. **/system32/notepad.exe--> Communicates over the network --> Deny operation

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

vmware 5V0_9120

Exam contains 52 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us