• Home
  • Articles
  • Updated Jan 14, 2022 5V0-91.20 Exam Dumps - PDF Questions and Testing Engine [Q60-Q78]

Updated Jan 14, 2022 5V0-91.20 Exam Dumps - PDF Questions and Testing Engine [Q60-Q78]

Share

Updated Jan 14, 2022 5V0-91.20  Exam Dumps - PDF Questions and Testing Engine

New (2022) VMware 5V0-91.20  Exam Dumps


How to book the VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam

These are following steps for registering the VMware 5V0-91.20: VMware Carbon Black Portfolio Skills exam.

  • Step 1: Visit to VMware Exam Registration
  • Step 2: Sign up/Login to VMware account
  • Step 3: Select local center based on your country, date, time and confirm with a payment method.
  • Step 4: Complete the payment process

 

NEW QUESTION 60
Which reputation is processed with the lowest priority for Endpoint Standard?

  • A. Trusted White
  • B. Local White
  • C. Known Malware
  • D. Common White

Answer: C

 

NEW QUESTION 61
An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe.
Given this Enterprise EDR query:
process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?

  • A. NOT process_original_filename:cmd.exe
  • B. NOT process_name:cmd.exe
  • C. NOT process_internal_name:cmd.exe
  • D. NOT process_company_name:cmd.exe

Answer: B

 

NEW QUESTION 62
An analyst has investigated multiple alerts on a number of HR workstations and found that java.exe is attempting to PowerShell. Of the Windows workstations in question, the analyst has also found that Java is installed in multiple locations. The analyst needs to block java.exe from this type of operation.
Which rule meets this need?

  • A. **\java.exe -> Invokes a command interpreter -> Deny operation
  • B. **\Program Files\*\java.exe -> Invokes a command interpreter -> Terminate process
  • C. **/java.exe -> Invokes an untrusted process -> Terminate process
  • D. **/Program Files/*/java.exe-> Invokes an untrusted process -> Deny operation

Answer: B

 

NEW QUESTION 63
Refer to the exhibit:

Which two statements are true about Carbon Black Live Response (CBLR)? (Choose two.)

  • A. CBLR is enabled.
  • B. A CBLR session is established.
  • C. A CBLR session is not attached.
  • D. A CBLR session already exists.
  • E. CBLR is disabled.

Answer: C,D

 

NEW QUESTION 64
What is the meaning, if any, of the event Report write (removable media)?

  • A. This event would never occur. App Control does not report activity on removable media.
  • B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.
  • C. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.
  • D. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.

Answer: B

 

NEW QUESTION 65
An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?

  • A. Suspect/Heuristic Malware
  • B. Known Malware
  • C. Company Black
  • D. Adware/PUP Malware

Answer: A

 

NEW QUESTION 66
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:

Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?

  • A. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the coud reputation.
  • B. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
  • C. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
  • D. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.

Answer: B

 

NEW QUESTION 67
A Carbon Black Cloud Endpoint Standard analyst is testing different search operator combinations.
Which two queries produce the same result? (Choose two.)

  • A. process_narne:chrome.exe NOT netconn_domain:google.com
  • B. process_name:chrome.exe OR NOT netconn_domain:google.com
  • C. process_name:chrome.exe netconn_domain:google.com
  • D. process_name:chrome.exe AND NOT netconn_domain:google.com
  • E. process_name:chrome.exe OR netconn_domain:google.com

Answer: A,B

 

NEW QUESTION 68
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?

  • A. Cloud Reputation (Initial)
  • B. Effective Reputation
  • C. Local Reputation
  • D. Cloud Reputation (Current)

Answer: A

 

NEW QUESTION 69
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?

  • A. Click Take Action, and select Subscribe for the desired Watchlists.
  • B. Click Add Watchlists, and input the URL(s) for the desired Watchlists.
  • C. Click Take Action, select Edit, and select the desired Watchlists.
  • D. Click Add Watchlists, on the Subscribe tab select the desired Watchlists, and click Subscribe.

Answer: B

Explanation:
Reference:
sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjl1tW404XvAhWZRhUIHSygB74QFjADegQIExAD& url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%
2Fproduct-docs-news%2F1913%2F18%2FEnterprise%2520EDR%2520Getting%
2520Started.pdf&usg=AOvVaw2_M7opfEgUaIIfutBZChvk (5)

 

NEW QUESTION 70
An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:

Which statement accurately characterizes this situation?

  • A. The solid line between the nodes denotes a process was injected into by another process.
  • B. The analyst navigated to this process analysis page from the wscrlpt.exe process.
  • C. Conhost.exe has one or more child processes.
  • D. Several nodes in this process tree have watchlist hits.

Answer: A

 

NEW QUESTION 71
An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:

Which statement accurately characterizes this situation?

  • A. The solid line between the nodes denotes a process was injected into by another process.
  • B. The analyst navigated to this process analysis page from the wscrlpt.exe process.
  • C. Conhost.exe has one or more child processes.
  • D. Several nodes in this process tree have watchlist hits.

Answer: A

 

NEW QUESTION 72
What does the Aggressive setting do when configured in Local Scan Settings?

  • A. It enables signature updates for the scanner.
  • B. It scans all files on execution.
  • C. It scans new files on first execution.
  • D. It adds a temporary reputation.

Answer: C

 

NEW QUESTION 73
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?

  • A. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
  • B. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.
  • C. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.
  • D. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.

Answer: C

 

NEW QUESTION 74
How often do watchlists run?

  • A. Every 10 minutes
  • B. Every 5 minutes
  • C. Every 30 minutes
  • D. Watchlists can be configured to run at scheduled intervals

Answer: D

 

NEW QUESTION 75
Refer to the exhibit:

Which statement is true in regards to communication between the sensor and server?

  • A. The communication is unencrypted.
  • B. The sensor will communicate on a non-default port.
  • C. The server must have an entry in the host file for cb.yourcompany.com.
  • D. The sensor must be able to resolve the name cb.yourcompany.com.

Answer: A

 

NEW QUESTION 76
An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to disable (Ignore) the old Threat Intelligence Report.
Where in the UI is this action not possible to perform?

  • A. Search Threat Reports Page
  • B. Triage Alerts Page
  • C. Threat Report Page
  • D. Threat Intelligence Feeds Page

Answer: D

 

NEW QUESTION 77
Which strategy should be used to purge inactive bans from the web console?

  • A. Run the cbbannlng script on the EDR server
  • B. Go to the hashes page on the web console and remove them
  • C. Use a pre-configured system cron job daily to remove them
  • D. Schedule an add-hoc cron job to remove

Answer: A

 

NEW QUESTION 78
......


How to Prepare For VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam

Preparation Guide for VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam

Introduction

5V0-91.20: Carbon Black Portfolio Skills VMware Skills The examination is intended for professionals acquainted with VMware Workspace ONE Unified Endpoint Management solutions. Candidates must hold a VMware Certified Professional–Digital Workspace certification and have completed any of the recommended training courses. This review examines the competence standard of VMware Workspace ONE Unified Endpoint Management Solutions. Certification is proof of your knowledge and experience in the fields you choose to practice in. Most suppliers in the industry provide these certifications. If an applicant needs to operate on VMware 5V0-91.20: VMware Carbon Black Portfolio Skills and demonstrate its expertise, VmWare Certification. This VMware 5V0-91.20: Skills in VMware Carbon Black Portfolio Qualification of individuals Certification lets the applicant check his qualifications with a 5V0-91.20 exam test. The VMware 5V0-91.20: VMware Carbon Black Portfolio Certification Test, VMware 5V0-91.20: VMware Carbon Black Portfolio Certification Skills Skills Skills Skills Skills and other facets of 5V0-91.20: VMware Carbon Black Portfolio Certification Skills.


Topics of VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam

Candidates must know the exam topics before they start preparation. Because it will really help them to hit the core. Our 5V0-91.20 dumps will include the following topics:

1. Fundamentals of Troubleshooting Workspace

  • Summarize the workflow topology of each Workspace ONE UEM productivity and integration component.
  • Summarize the general logic of Workspace ONE UEM issues troubleshooting.

2. Workspace ONE UEM Console Troubleshooting

  • Troubleshoot issues related to group management and assignments.
  • Collect and analyze Workspace ONE UEM console logs.
  • Troubleshoot Workspace ONE reporting issues.
  • Identify common Workspace ONE UEM console issues.

3. Endpoint Troubleshooting

  • Troubleshoot endpoint connectivity issues.
  • Summarize the key factors in collecting and analyzing Workspace ONE UEM
  • Troubleshoot DEP enrollment issues.
  • Device Services logs and targeted logging.

4. Workspace ONE UEM Enterprise Integration Troubleshooting

  • Troubleshoot issues related to Cloud Connector.
  • Troubleshoot issues related to directory services integration.
  • Troubleshoot issues related to VMware Identity Manager integration in Workspace ONE UEM.
  • Troubleshoot issues related to Certificate Authority (CA) integration.

5. Email Troubleshooting

  • Troubleshoot PowerShell integration related issues.
  • Identify common email issues.
  • Troubleshoot issues related to Email Notification Services (ENS).
  • Troubleshoot issues related to email compliance policy.
  • Troubleshoot Secure Email Gateway (SEG) related issues.

6. Application Troubleshooting

  • Troubleshoot issues related to public application management lifecycle.
  • Troubleshoot issues related to internal application management lifecycle.
  • Troubleshoot issues related to Apple Volume Purchase Program (VPP).
  • Troubleshoot issues related to per-app VPN.
  • Troubleshoot issues related to Windows Store for Business.

7. Content Troubleshooting

  • Troubleshoot issues related to an Admin Repository.
  • Collect and analyze Content Gateway logs.
  • Troubleshoot issues related to Content Gateway.
  • Troubleshoot issues related to Workspace ONE.

 

Updated Verified Pass 5V0-91.20 Exam - Real Questions & Answers: https://www.preppdf.com/VMware/5V0-91.20-prepaway-exam-dumps.html

Related Articles

more
VMware 5V0-91.20 Certification Practice Exam