What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?
An administrator has been tasked with preventing unauthorized USB storage devices from being used in the environment.
Which item needs to be enabled in order to enforce this requirement?
An organization has the following requirements for allowing application.exe:
Must not work for any user's D:\ drive
Must allow running only from inside of the user's Temp\Allowed directory
Must not allow running from anywhere outside of Temp\Allowed
For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.
Which path meets these criteria using wildcards?
An administrator is investigating an alert and reads a summary that says:
The application powershell.exe was leveraged to make a potentially malicious network connection.
Which action should the administrator take immediately to block that connection?
Where can a user identify whether a sensor's signature pack is out-of-date in VMware Carbon Black Cloud?
An administrator needs to add an application to the Approved List in the VMware Carbon Black Cloud console.
Which two different methods may be used for this purpose? (Choose two.)
Which VMware Carbon Black Cloud process is responsible for uploading event reporting to VMware Carbon Black Cloud?
The administrator has configured a permission rule with the following options selected:
Application at path: C:\Program Files\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the application at path field?
The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.
What is an example of a leading wildcard?
An administrator has configured a permission rule with the following options selected:
Application at path: C:\Program Files\**
Operation Attempt: Performs any operation
Action: Bypass
What is the impact, if any, of using the wildcards in the path?
Which scenario would qualify for the "Local White" Reputation?
A VMware Carbon Black managed endpoint is showing up as an inactive device in the console.
What is the threshold, in days, before a machine shows as inactive?
A security administrator notices unusual software behavior on an endpoint. The administrator immediately uses a search query to collect data and starts analyzing indicators to find a solution.
What is a prerequisite step in gathering specific vulnerability data to export it as a CSV file for analysis?
An administrator wants to be notified when particular Tactics, Techniques, or Procedures (TTPs) are observed on a managed endpoint.
Which notification option must the administrator configure to receive this notification?
An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:
Blocking and Isolation Rule
Application on the company banned list > Runs or is running > Deny
Known malware > Runs or is running > Deny
Suspect malware > Runs or is running > Terminate
Permissions Rule
C:\Program Files\IT\Tools\* > Performs any operation > Bypass
Which action, if any, should an administrator take to ensure application.exe cannot run?
A script-based attack has been identified that inflicted damage on the corporate systems. The security administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.
Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?
A security administrator is tasked with investigating an alert about a suspicious running process trying to modify the system registry.
Which components can be checked to further inspect the cause of the alert?
An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.
Which action should the administrator take?