Create Next App

Exam contains 52 questions

Page 4 of 9

Question 19 🔥

Given an event rule: Approve nVidia Drivers, changes the local state to Approved for file writes or execution blocks when the publisher is NVIDIA Corporation.How is an alert created that is triggered whenever an nVidia driver is approved by the event rule?

Which database solution meets these requirements?

A. Add a new Alert of type Event Alert. Set Subtype to New unapproved file to computer and Execution block (unapproved file) and Publisher to NVIDIA Corporation. Click Create and add email recipients.

Highly voted

B. Click Create Alert on the event rule Approve nVidia Drivers details page. Click Create and add email recipients. Create and Exit.

Highly voted

C. Click Create Alert on the event rule Approve nVidia Drivers details page. Add email recipients. Create and Exit.

Highly voted

D. Create a custom rule name Approve nVidia that approves writes or blocks when the publisher is NVIDIA Corporation. Create an alert for rule name Approve nVidia. Click Create and add email recipients.

Highly voted

Discussion of the question

Question 20 🔥

An Endpoint Standard analyst runs the query in the graphic below:Which three statements are true from the results shown? (Choose three.)

Which database solution meets these requirements?

A. The process is a PowerShell process running a script with a .ps1 extension.

Highly voted

B. The process has a threat score greater than 4.

Highly voted

C. The process made a network connection to another system.

Highly voted

D. The process had a NOT_LISTED reputation at the time the event occurred.

Highly voted

E. The process was run under the NT_AUTHORITY\SYSTEM user context.

Highly voted

F. The process was able to inject code into another process.

Highly voted

Discussion of the question

Question 21 🔥

An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.What is known about the alert based on this TTP even if other parts of the alert are unknown?

Which database solution meets these requirements?

A. A process attempted to delete encrypted data on the disk.

Highly voted

B. A process attempted to write a file to the disk.

Highly voted

C. A process attempted to modify a monitored file written by the sensor.

Highly voted

D. A process attempted to transfer encrypted data on the disk over the network.

Highly voted

Discussion of the question

Question 22 🔥

How can an analyst disregard alerts on multiple devices with the least amount of administrative effort?

Which database solution meets these requirements?

A. Select the ג€Dismiss on all devicesג€ option.

Highly voted

B. Make a note in the Notes/Tags option.

Highly voted

C. Search by hash and dismiss.

Highly voted

D. Turn off the Group Alerts option.

Highly voted

Discussion of the question

Question 23 🔥

What is the meaning, if any, of the event Report write (removable media)?

Which database solution meets these requirements?

A. This event would never occur. App Control does not report activity on removable media.

Highly voted

B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.

Highly voted

C. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.

Highly voted

D. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.

Highly voted

Discussion of the question

Question 24 🔥

An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address.Which rule will kill notepad.exe entirely if this activity is detected in the future?

Which database solution meets these requirements?

A. **\system32\notepad.exe --> Communicates over the network --> Terminate process

Highly voted

B. **\system32\notepad.exe --> Runs or is Running --> Deny operation

Highly voted

C. **/system32/notepad.exe --> Runs or is Running --> Terminate process

Highly voted

D. **/system32/notepad.exe--> Communicates over the network --> Deny operation

Highly voted

Discussion of the question

Ready to Pass Your Certification Test

vmware 5V0_9120

Exam contains 52 questions

Lorem ipsum dolor sit amet consectetur. Eget sed turpis aenean sit aenean. Integer at nam ullamcorper a.

Company

Product

Resources

Follow us