[10-June-2021] New 5V0-91.20 Dumps with VCE and PDF from PassLeader (Update Questions)

100% valid 5V0-91.20 exam questions from PassLeader 5V0-91.20 dumps! Welcome to download the newest & 100% pass guarantee PassLeader 5V0-91.20 VCE and PDF dumps: https://www.passleader.com/5v0-91-20.html (120 Q&As)

P.S. Free & New 5V0-91.20 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1YCYefg_Avm_sA4j8z9QOLjWpHToJvKmb

NEW QUESTION 101
There is a need to ignore all activity at an application path. Which rule definition should be used to address this need?

A.    Application at Path, Performs any operation, Bypass.
B.    Application at Path, Runs or is Running, Bypass.
C.    Application at Path, Runs or is Running, Allow & Log.
D.    Application at Path, Performs any operation, Allow & Log.

Answer: A
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Console-How-to-Setup-Exclusions-in-the/ta-p/42334

NEW QUESTION 102
What is the maximum number of binaries (hashes) that can be banned using the web console?

A.    500
B.    600
C.    300
D.    400

Answer: C

NEW QUESTION 103
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it. Which three actions are available to take on the alert? (Choose three.)

A.    Ignore alert.
B.    Dismiss.
C.    Dismiss on all devices if grouping is enabled.
D.    Edit watchlist.
E.    Save report.
F.    Notifications history.

Answer: BCE
Explanation:
http://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Dismiss-Alerts/ta-p/51766

NEW QUESTION 104
An administrator wants to allow files to run from a network share. Which rule type should the administrator configure?

A.    Execute Prompt (Shared Path)
B.    Trusted Path
C.    Network Execute (Allow)
D.    Write Approve (Network)

Answer: A

NEW QUESTION 105
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)

A.    From the Computer Details page on the web console.
B.    From the Files on Computers page on the web console.
C.    Run authenticated DasCLI on Windows command prompt.
D.    Run RepCLI on Windows command prompt.
E.    From the File Catalog page on the web console.

Answer: AC
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/App-Control-How-to-Disable-Enable-Tamper-Protection/ta-p/37220

NEW QUESTION 106
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating. How can the analyst change the alert severity value, if this is possible?

A.    The alert severity is assigned by the backend analytics.
B.    The alert severity is not configurable.
C.    Change the alert severity on the watchlist.
D.    Change the alert severity on the report.

Answer: C

NEW QUESTION 107
Which Sensor Status under Endpoint Health indicates that a system’s policy enforcement is disabled, and the sensor is not sending security event data to the cloud?

A.    Quarantined
B.    Deregistered
C.    Inactive
D.    Bypass

Answer: D
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-What-Happens-When-Bypass-has-been-Enabled-on-the/ta-p/74905

NEW QUESTION 108
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?

A.    Threat ID
B.    Process ID
C.    Device ID
D.    Alert ID

Answer: A

NEW QUESTION 109
What does the Aggressive setting do when configured in Local Scan Settings?

A.    It adds a temporary reputation.
B.    It scans all files on execution.
C.    It scans new files on first execution.
D.    It enables signature updates for the scanner.

Answer: C
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-How-To-Configure-Local-AV-Scan/ta-p/89051

NEW QUESTION 110
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists. How should the administrator add these curated Watchlists from the Watchlists page?

A.    Click Add Watchlists, and input the URL(s) for the desired Watchlists.
B.    Click Take Action, select Edit, and select the desired Watchlists.
C.    Click Take Action, and select Subscribe for the desired Watchlists.
D.    Click Add Watchlists, on the Subscribe tab select the desired Watchlists, and click Subscribe.

Answer: A

NEW QUESTION 111
Which statement is true about Carbon Black Live Response (CBLR)?

A.    CBLR sessions do not need to wait for the next sensor check-in.
B.    CBLR is disabled by default.
C.    CBLR is only available on Windows Endpoints.
D.    CBLR cannot be accessed through the API.

Answer: B
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/Cb-Response-Go-Live-Button-is-Grayed-Out/ta-p/41205

NEW QUESTION 112
A company uses Audit and Remediation to check configurations and adhere to compliance regulations. The regulations require monthly reporting and twelve months of data retained. How can an administrator accomplish this requirement with Audit and Remediation?

A.    Schedule the query to run monthly, and set the data retention to 12 months for the query.
B.    Schedule the query to run monthly, and configure the audit log retention to 12 months.
C.    Schedule the query to run monthly, and no further action is required.
D.    Schedule the query to run monthly, and export the results for each run to an external location.

Answer: D

NEW QUESTION 113
What are three ways to ignore a feed report within the EDR user interface? (Choose three.)

A.    Threat Reports Details page.
B.    Threat Intelligence Feeds page.
C.    Investigations page.
D.    Search Threat Reports page.
E.    Alert Dashboard page.
F.    After marking a feed alert as a false positive.

Answer: ABF
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/EDR-How-to-Customize-a-Feed-to-Prevent-False-Positives/ta-p/64413

NEW QUESTION 114
App Control System Health email alerts for excessive agent backlog are occurring hourly. This is overwhelming the analysts, and they would like to reduce the notifications. How can the analyst reduce the unneeded alerts?

A.    Set the email address for subscribers to an invalid email.
B.    Change reminder email to daily or disabled.
C.    Disable the alert.
D.    Delete the alert.

Answer: B

NEW QUESTION 115
An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool. Which other trust mechanism could the organization configure for large-scale approval of these files?

A.    Windows Update
B.    Trusted Distributor
C.    Local Approval Mode
D.    Rapid Config

Answer: C
Explanation:
https://uit.stanford.edu/service/cbprotect/approval-mechanisms

NEW QUESTION 116
An analyst wants to block an application’s specific behavior but does not want to kill the process entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity. Which Blocking and Isolation Action should the analyst use to accomplish this goal?

A.    Log Operation
B.    Deny Operation
C.    Terminate Process
D.    Block Process

Answer: B

NEW QUESTION 117
Which wildcard configuration applies a policy to all files and subfolders in a specific folder in Endpoint Standard?

A.    C:\Program Files\example\$$
B.    C:\Program Files\example\**
C.    C:\Program Files\example\$
D.    C:\Program Files\example\*

Answer: B
Explanation:
https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-How-to-Create-Policy-Blocking-Isolation-and/ta-p/65941

NEW QUESTION 118
An alert for a device running a proprietary application is tied to a vital business operation. Which action is appropriate to take?

A.    Add the application to the Approved List.
B.    Terminate the process.
C.    Deny the operation.
D.    Quarantine the device.

Answer: A

NEW QUESTION 119
……

