← Back to exam page

5V0-91.20 VMware Carbon Black Portfolio Skills

Loading demo links...

Showing 1–3 of 10 questions

Question 1

In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)

Select all that apply, then click Submit answer.

  • From the Computer Details page on the web console

  • From the Files on Computers page on the web console

  • Run authenticated DasCLI on Windows command prompt

  • Run RepCLI on Windows command prompt

  • From the File Catalog page on the web console
Question 2

This search is entered into the process search page: notepad.exe Which three statements about this query are true? (Choose three.)

Select all that apply, then click Submit answer.

  • Only processes named notepad.exe will be returned.

  • Since a field name is not selected, query performance will be impacted.

  • A field identifier is required for all criteria within a process search.

  • The search will fail with an error.

  • All processes containing the text notepad.exe in any default field.

  • Processes with registry modifications containing notepad.exe would be retuned.
Question 3

An Endpoint Standard analyst runs the query in the graphic below:

Which three statements are true from the results shown? (Choose three.)

Select all that apply, then click Submit answer.

  • The process is a PowerShell process running a script with a .ps1 extension.

  • The process has a threat score greater than 4.

  • The process made a network connection to another system.

  • The process had a NOT_LISTED reputation at the time the event occurred.

  • The process was run under the NT_AUTHORITY\SYSTEM user context.

  • The process was able to inject code into another process.