[13-Feb-2021] New 5V0-91.20 Dumps with VCE and PDF from PassLeader (Update Questions)
100% valid 5V0-91.20 exam questions from PassLeader 5V0-91.20 dumps! Welcome to download the newest & 100% pass guarantee PassLeader 5V0-91.20 VCE and PDF dumps: https://www.passleader.com/5v0-91-20.html (65 Q&As –> 120 Q&As)
P.S. Free & New 5V0-91.20 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1YCYefg_Avm_sA4j8z9QOLjWpHToJvKmb
NEW QUESTION 1
An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to disable (Ignore) the old Threat Intelligence Report. Where in the UI is this action not possible to perform?
A. Search Threat Reports Page
B. Threat Intelligence Feeds Page
C. Threat Report Page
D. Triage Alerts Page
Answer: B
NEW QUESTION 2
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them. Which page should the administrator use to find these commands?
A. Sensor Management
B. Investigate
C. Policies
D. Alerts
Answer: A
NEW QUESTION 3
An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features. Once applied, which reputation would these applications be classified under for processing?
A. Common White
B. Company White
C. Local White
D. Trusted White
Answer: D
NEW QUESTION 4
At which three frequencies may a Carbon Black Audit and Remediation administrator schedule the run of Live Queries? (Choose three.)
A. Monthly
B. Daily
C. Bi-Weekly
D. Weekly
E. Hourly
F. Any frequency
Answer: ABD
NEW QUESTION 5
What occurs when an administrator selects “enable private logging level” in Sensor Settings under Policy?
A. Delay execute for cloud scan is disabled.
B. Script Files that have unknown reputations are not uploaded.
C. Live Response is disabled.
D. Domain names are obfuscated.
Answer: B
NEW QUESTION 6
Which two statements are true regarding Live Response? (Choose two.)
A. Live Response can only be initiated through the user interface.
B. Live Response supports one user per session on an endpoint.
C. Live Response opens an SSH session with the remote device.
D. Live Response requires both view and manage permissions to use.
E. Live Response utilizes the same channel for sensor-server communications.
Answer: AE
NEW QUESTION 7
While an administrator is reviewing an alert, the device is observed beaconing to an unknown destination. Which action should be taken to stop this behavior?
A. Deregister the sensor.
B. Put the device in Bypass mode.
C. Place the device in Quarantine.
D. Assign the application to the Approved List.
Answer: B
NEW QUESTION 8
Which two statements are true about Carbon Black alerts? (Choose two.)
A. They can be grouped together.
B. Once received, it can be dismissed in bulk.
C. Once dismissed, the action cannot be undone.
D. Carbon Black does not generate alerts.
E. They are stored for 15 days.
Answer: DE
NEW QUESTION 9
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
A. Threat ID
B. Process ID
C. Alert ID
D. Event ID
Answer: D
NEW QUESTION 10
What are three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)
A. By pushing the designated GPO script.
B. Via DASCLI command.
C. By installing the agent via SCCM.
D. Manual policy assignment.
E. By branded/policy-specific installer.
F. By Active Directory Mapping.
Answer: CDF
NEW QUESTION 11
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?
A. Cloud Reputation (Initial)
B. Effective Reputation
C. Local Reputation
D. Cloud Reputation (Current)
Answer: A
NEW QUESTION 12
An active compromise is detected on an endpoint. Due to current policies, the compromise was detected but not terminated. What would be an appropriate action to end the current communication between the device and the attacker?
A. Uninstall the sensor.
B. Place the system into bypass mode.
C. Place the system into Quarantine.
D. Remotely scan the endpoint.
Answer: B
NEW QUESTION 13
How long will Live Queries in Carbon Black Audit and Remediation run before timing out?
A. 30 days
B. 14 days
C. 180 days
D. 7 days
Answer: D
NEW QUESTION 14
Which strategy is used to create an exclusion in Endpoint Standard for another AV/security product?
A. Isolation Rule
B. Permission Rule
C. Approved List
D. Bypass Mode
Answer: C
NEW QUESTION 15
A process has created a number of interesting (executable) files in one sequence. In addition to the event Subtype ‘New Unapproved File to Computer’, what other event subtype is likely to be associated with this sequence?
A. File Upload Completed
B. New File Discovered on Startup
C. File Group Created
D. File Properties Modified
Answer: B
NEW QUESTION 16
……
100% valid 5V0-91.20 exam questions from PassLeader 5V0-91.20 dumps! Welcome to download the newest & 100% pass guarantee PassLeader 5V0-91.20 VCE and PDF dumps: https://www.passleader.com/5v0-91-20.html (65 Q&As –> 120 Q&As)
P.S. Free & New 5V0-91.20 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/drive/folders/1YCYefg_Avm_sA4j8z9QOLjWpHToJvKmb