• Home
  • Articles
  • [Nov-2021] 5V0-91.20 Pre-Exam Practice Tests Exam Questions and Answers for VMware Carbon Black EndPoint Protection 2021 Study Guide [Q30-Q50]

[Nov-2021] 5V0-91.20 Pre-Exam Practice Tests Exam Questions and Answers for VMware Carbon Black EndPoint Protection 2021 Study Guide [Q30-Q50]

Share

[Nov-2021] 5V0-91.20 Pre-Exam Practice Tests | Exam Questions and Answers for VMware Carbon Black EndPoint Protection 2021 Study Guide

VMware Carbon Black Portfolio Skills Certification Sample Questions


Topics of VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam

Candidates must know the exam topics before they start preparation. Because it will really help them to hit the core. Our 5V0-91.20 dumps will include the following topics:

1. Fundamentals of Troubleshooting Workspace

  • Summarize the general logic of Workspace ONE UEM issues troubleshooting.
  • Summarize the workflow topology of each Workspace ONE UEM productivity and integration component.

2. Workspace ONE UEM Console Troubleshooting

  • Troubleshoot Workspace ONE reporting issues.
  • Troubleshoot issues related to group management and assignments.
  • Collect and analyze Workspace ONE UEM console logs.
  • Identify common Workspace ONE UEM console issues.

3. Endpoint Troubleshooting

  • Summarize the key factors in collecting and analyzing Workspace ONE UEM
  • Device Services logs and targeted logging.
  • Troubleshoot DEP enrollment issues.
  • Troubleshoot endpoint connectivity issues.

4. Workspace ONE UEM Enterprise Integration Troubleshooting

  • Troubleshoot issues related to directory services integration.
  • Troubleshoot issues related to VMware Identity Manager integration in Workspace ONE UEM.
  • Troubleshoot issues related to Cloud Connector.
  • Troubleshoot issues related to Certificate Authority (CA) integration.

5. Email Troubleshooting

  • Troubleshoot issues related to Email Notification Services (ENS).
  • Troubleshoot Secure Email Gateway (SEG) related issues.
  • Troubleshoot issues related to email compliance policy.
  • Identify common email issues.
  • Troubleshoot PowerShell integration related issues.

6. Application Troubleshooting

  • Troubleshoot issues related to Windows Store for Business.
  • Troubleshoot issues related to per-app VPN.
  • Troubleshoot issues related to public application management lifecycle.
  • Troubleshoot issues related to Apple Volume Purchase Program (VPP).
  • Troubleshoot issues related to internal application management lifecycle.

7. Content Troubleshooting

  • Collect and analyze Content Gateway logs.
  • Troubleshoot issues related to an Admin Repository.
  • Troubleshoot issues related to Workspace ONE.
  • Troubleshoot issues related to Content Gateway.

 

NEW QUESTION 30
How is a new Alert of type Event Alert created whenever an endpoint is added or deleted and send emails for the App Control admin whenever these events occur?

  • A. Add filter in Event Properties for Subtype Endpoint added and Endpoint deleted. Click Create and add the App Control admin email, and then click Create &. Exit.
  • B. Add filter in Event Properties for Subtype Computer modified. Add the App Control admin email, and then click Create & Exit.
  • C. Add filter in Event Properties for Subtype Computer added and Computer deleted. Add the App Control admin email, and then click Create & Exit.
  • D. Add filter in Event Properties for Subtype Computer added and Computer deleted. Click Create and add the App Control admin email, and then click Create & Exit.

Answer: B

 

NEW QUESTION 31
An analyst wants to block an application's specific behavior but does not want to kill the process entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity.
Which Blocking and Isolation Action should the analyst use to accomplish this goal?

  • A. Block Process
  • B. Log Operation
  • C. Terminate Process
  • D. Deny Operation

Answer: D

 

NEW QUESTION 32
A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?

  • A. SELECT * FROM registry JOIN ie_extensions;
  • B. SELECT * FROM registry WHERE ie_extensions;
  • C. SELECT * FROM ie_extensions;
  • D. SELECT * FROM ie_extensions WHERE enabled=true;

Answer: A

 

NEW QUESTION 33
While an administrator is reviewing an alert, the device is observed beaconing to an unknown destination.
Which action should be taken to stop this behavior?

  • A. Place the device in Quarantine
  • B. Deregister the sensor
  • C. Put the device in Bypass mode
  • D. Assign the application to the Approved List

Answer: C

 

NEW QUESTION 34
There is a need to ignore all activity at an application path.
Which rule definition should be used to address this need?

  • A. Application at Path, Performs any operation, Bypass
  • B. Application at Path, Runs or is Running, Bypass
  • C. Application at Path, Runs or is Running, Allow & Log
  • D. Application at Path, Performs any operation, Allow & Log

Answer: A

 

NEW QUESTION 35
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)

  • A. Edit watchlist
  • B. Save report
  • C. Notifications history
  • D. Dismiss on all devices if grouping is enabled
  • E. Dismiss
  • F. Ignore alert

Answer: B,D,E

Explanation:
Reference:
Alerts/ta-p/51766

 

NEW QUESTION 36
What occurs when an administrator selects "Enable private logging level" in Sensor Settings under Policy?

  • A. Live Response is disabled.
  • B. Domain names are obfuscated.
  • C. Script Files that have unknown reputations are not uploaded.
  • D. Delay execute for cloud scan is disabled.

Answer: C

 

NEW QUESTION 37
Refer to the exhibit:

Which two logic statements correctly explain filtering within the UI? (Choose two.)

  • A. Filtering within the same field is a logical AND
  • B. Filtering between fields is a logical OR
  • C. Filtering between fields is a logical AND
  • D. Filtering within the same field is a logical OR
  • E. Filtering between fields is a logical XOR

Answer: B,E

 

NEW QUESTION 38
Review the following EDR query:
parent_name:outlook.exe AND -alliance_score_srstrust:* AND -digsig_result: "Signed' Which process would show in the query results?

  • A. Processes invoking outlook.exe that do not have an SRS Trust value and that are not digitally signed.
  • B. Processes invoked by outlook.exe that have an SRS Trust value and that are digitally signed.
  • C. Processes invoking outlook.exe that have an SRS Trust value and that are not digitally signed.
  • D. Processes invoked by outlook.exe that do not have an SRS Trust value and that are not digitally signed.

Answer: C

 

NEW QUESTION 39
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?

  • A. Performance Optimization
  • B. Expert (Tag Process, Terminate Process)
  • C. Execute Ignore
  • D. File Creation Control (Suppress)

Answer: A

 

NEW QUESTION 40
Given an event rule: Approve nVidia Drivers, changes the local state to Approved for file writes or execution blocks when the publisher is NVIDIA Corporation.
How is an alert created that is triggered whenever an nVidia driver is approved by the event rule?

  • A. Click Create Alert on the event rule Approve nVidia Drivers details page. Click Create and add email recipients. Create and Exit.
  • B. Create a custom rule name Approve nVidia that approves writes or blocks when the publisher is NVIDIA Corporation. Create an alert for rule name Approve nVidia. Click Create and add email recipients.
  • C. Click Create Alert on the event rule Approve nVidia Drivers details page. Add email recipients. Create and Exit.
  • D. Add a new Alert of type Event Alert. Set Subtype to New unapproved file to computer and Execution block (unapproved file) and Publisher to NVIDIA Corporation. Click Create and add email recipients.

Answer: A

 

NEW QUESTION 41
Refer to the exhibit:

Which statement is true in regards to communication between the sensor and server?

  • A. The sensor must be able to resolve the name cb.yourcompany.com.
  • B. The communication is unencrypted.
  • C. The server must have an entry in the host file for cb.yourcompany.com.
  • D. The sensor will communicate on a non-default port.

Answer: B

 

NEW QUESTION 42
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?

  • A. Click Take Action, and select Subscribe for the desired Watchlists.
  • B. Click Take Action, select Edit, and select the desired Watchlists.
  • C. Click Add Watchlists, and input the URL(s) for the desired Watchlists.
  • D. Click Add Watchlists, on the Subscribe tab select the desired Watchlists, and click Subscribe.

Answer: C

Explanation:
Reference:
sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjl1tW404XvAhWZRhUIHSygB74QFjADegQIExAD& url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%
2Fproduct-docs-news%2F1913%2F18%2FEnterprise%2520EDR%2520Getting%
2520Started.pdf&usg=AOvVaw2_M7opfEgUaIIfutBZChvk (5)

 

NEW QUESTION 43
An administrator runs multiple queries on tables and combines the results after the fact to correlate data. The administrator needs to combine rows from multiple tables based on data from a related column in each table.
Which SQL statement should be used to achieve this goal?

  • A. AS
  • B. WHERE
  • C. COMBINE
  • D. JOIN

Answer: D

 

NEW QUESTION 44
An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.
Once applied, which reputation would these applications be classified under for processing?

  • A. Trusted White
  • B. Local White
  • C. Company White
  • D. Common White

Answer: A

 

NEW QUESTION 45
What is the maximum number of binaries (hashes) that can be banned using the web console?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 46
Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?

  • A. WHERE publisher LIKE "VMware%"
  • B. WHERE publisher = "%VMware"
  • C. WHERE publisher = "%VMware%"
  • D. WHERE publisher LIKE "%VMware%"

Answer: D

 

NEW QUESTION 47
An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

  • A. Quarantine the device.
  • B. Terminate the process.
  • C. Deny the operation.
  • D. Add the application to the Approved List.

Answer: D

 

NEW QUESTION 48
Which reputation has the highest priority in Cloud Endpoint Standard?

  • A. Ignore
  • B. Unknown
  • C. Known Malware
  • D. Adware/PUP Malware

Answer: C

 

NEW QUESTION 49
Which statement should be used when constructing queries in Carbon Black Audit and Remediation, Live Query?

  • A. ALTER
  • B. SELECT
  • C. REMOVE
  • D. UPDATE

Answer: B

 

NEW QUESTION 50
......

VMware Exam Practice Test To Gain Brilliante Result: https://www.lead2passexam.com/VMware/valid-5V0-91.20-exam-dumps.html

Related Articles

more
VMware 5V0-91.20 Certification Practice Exam