An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe. Given this Enterprise EDR query:
    process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?
App Control System Health email alerts for excessive agent backlog are occurring hourly. This is overwhelming the analysts, and they would like to reduce the notifications. How can the analyst reduce the unneeded alerts?
An analyst wants to block an application's specific behavior but does not want to kill the process entirely, as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity. Which Blocking and Isolation Action should the analyst use to accomplish this goal?
An administrator wants to query the status of the firewall for all endpoints. The administrator will query the registry key found here:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
To make the results easier to understand, the administrator wants to return either enabled or disabled for the results, rather than the value from the registry key. Which SQL statement will rewrite the output based on a specific result set returned from the system?
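As an added illustration of the technique the question is about (mapping a raw registry value to a readable label with a CASE expression), the following osquery-style SQL is not part of the original question set or of any vendor material. It assumes osquery's registry table (columns path, name and data, with data returned as text) and that the value of interest under that key is named EnableFirewall, holding 1 for on and 0 for off; the question itself names only the key.

```sql
-- Added example: translate the StandardProfile firewall value into enabled/disabled.
-- Assumptions: osquery registry table; value name EnableFirewall (1 = on, 0 = off);
-- DWORD data is returned as the text '1' or '0'.
SELECT
    path,
    name,
    data,
    CASE data
        WHEN '1' THEN 'enabled'
        WHEN '0' THEN 'disabled'
        ELSE 'unknown'   -- surface unexpected values rather than silently dropping them
    END AS firewall_status
FROM registry
WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall';
```

Two caveats a practitioner should keep in mind when reading the results: the ELSE branch only fires for a value that exists with unexpected data, so an endpoint where the value is missing simply returns no row and must be treated as "not set" by the caller; and StandardProfile covers only one firewall profile, so a host may still have a different state under the domain or public profile keys alongside it.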
Refer to the exhibit: Which two logic statements correctly explain filtering within the UI? (Choose two.)
An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool. Which other trust mechanism could the organization configure for large-scale approval of these files?