[Oct-2021] Pass VMware 5V0-91.20 Exam in First Attempt Guaranteed! [Q52-Q77]


Full 5V0-91.20 Practice Test and 115 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 52
Which strategy should be used to purge inactive bans from the web console?

  • A. Go to the hashes page on the web console and remove them
  • B. Run the cbbanning script on the EDR server
  • C. Use a pre-configured system cron job daily to remove them
  • D. Schedule an ad hoc cron job to remove

Answer: B

 

NEW QUESTION 53
An Enterprise EDR administrator is reviewing the Investigate page and believes they are receiving false positive hits from a specific watchlist.
Which three options reduce future false positive hits from this watchlist? (Choose three.)

  • A. Disable/remove the report associated with the false positives.
  • B. Disable the watchlist associated with the false positives.
  • C. Disable/remove the IOC associated with the false positives.
  • D. Modify policy rules to exclude the false positive directory.
  • E. Select edit watchlist and uncheck alert on hits.
  • F. Dismiss the watchlist hit.

Answer: A,C,E

 

NEW QUESTION 54
An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?

  • A. 180 days
  • B. 30 days
  • C. 3-5 days
  • D. 1 day

Answer: B

 

NEW QUESTION 55
An administrator runs the following query in Audit and Remediation:
SELECT *
FROM users
WHERE UID >= 500;
How long will this query stay active and accept data from the sensors?

  • A. 30 days
  • B. 14 days
  • C. 7 days
  • D. 1 day

Answer: A

 

NEW QUESTION 56
Review the following EDR query:
(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[1 TO *]
Which process would show in the query results?

  • A. Processes invoking Powershell.exe and cmd.exe with multiple network connection events
  • B. Processes invoked by Powershell.exe and cmd.exe with a single network connection event
  • C. Processes invoked by Powershell.exe or cmd.exe with any number of network connection events
  • D. Processes invoking Powershell.exe or cmd.exe with multiple network connection events

Answer: B

 

NEW QUESTION 57
An administrator needs to manage a group of sensors from within the console.
Which three actions are available for sensors within the Sensor Group? (Choose three.)

  • A. Restart
  • B. Disable
  • C. Ban
  • D. Share Settings
  • E. Move to group
  • F. Uninstall

Answer: A,E,F

 

NEW QUESTION 58
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?

  • A. Cloud Reputation (Initial)
  • B. Cloud Reputation (Current)
  • C. Effective Reputation
  • D. Local Reputation

Answer: A

 

NEW QUESTION 59
What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)

  • A. Manual policy assignment
  • B. By branded/policy-specific installer
  • C. By installing the agent via SCCM
  • D. By Active Directory Mapping
  • E. By pushing the designated GPO script
  • F. Via DASCLI command

Answer: A,C,D

 

NEW QUESTION 60
Which statement is true when searching through the EDR server UI?

  • A. Whitespaces between search terms imply the OR operator.
  • B. The percent symbol % is the character to represent a wildcard.
  • C. The exclamation point ! is the character to represent negation.
  • D. The backslash \ is the character to escape characters.

Answer: B

 

NEW QUESTION 61
Which list below captures all Enforcement Levels for App Control policies?

  • A. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
  • B. High Enforcement, Medium Enforcement, Low Enforcement
  • C. Control, Local Approval, Disabled
  • D. Critical, Lockdown, Monitored, Tracking, Banning

Answer: A

Explanation:
Reference: https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/2961/1/VMware%20Carbon%20Black%20App%20Control%208.5.0%20User%20Guide.pdf (6)

 

NEW QUESTION 62
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?

  • A. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.
  • B. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
  • C. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.
  • D. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.

Answer: A

 

NEW QUESTION 63
Level 3 service desk personnel have been approved to modify computer enforcement levels by security governance.
Which set of steps is required to implement this change?

  • A. Create new user role, map AD group to role, assign permission "Manage computers" to role.
  • B. Assign permission "Temporary assign computers" to each user.
  • C. Create new user role, assign permission "Manage computers" to role.
  • D. Create new user role, map AD group to role, assign permission "Temporary assign computers" to role.

Answer: B

 

NEW QUESTION 64
A process has created a number of interesting (executable) files in one sequence.
In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?

  • A. File Properties Modified
  • B. File Group Created
  • C. New File Discovered on Startup
  • D. File Upload Completed

Answer: C

 

NEW QUESTION 65
Refer to the exhibit, noting the circled red dot:

What is the meaning of the red dot under Hits in the Process Search page?

  • A. Whether the execution of the process resulted in a syslog hit
  • B. Whether the execution of the process resulted in a sensor hit
  • C. Whether the execution of the process resulted in a feed hit
  • D. Whether the execution of the process resulted in matching hits for different users

Answer: D

 

NEW QUESTION 66
While an administrator is reviewing an alert, the device is observed beaconing to an unknown destination.
Which action should be taken to stop this behavior?

  • A. Put the device in Bypass mode
  • B. Assign the application to the Approved List
  • C. Deregister the sensor
  • D. Place the device in Quarantine

Answer: A

 

NEW QUESTION 67
What is the meaning, if any, of the event Report write (removable media)?

  • A. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.
  • B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.
  • C. This event would never occur. App Control does not report activity on removable media.
  • D. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.

Answer: B

 

NEW QUESTION 68
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:

Which statement accurately characterizes this situation?

  • A. These events are tied to an observed alert within the user interface.
  • B. The events shown will all have the same event ID, correlating them to the alert.
  • C. The policy had no blocking and isolation rules set.
  • D. Each event listed contributed to the overall alert score and severity.

Answer: D

 

NEW QUESTION 69
When dismissing alerts, when should an administrator select "If alert occurs in the future, automatically dismiss it from all devices"?

  • A. When the administrator wishes to be notified again of this behavior
  • B. When the administrator wishes to apply this action to all future alerts from the device
  • C. When the administrator wishes to mark the alert instance as a false positive
  • D. When the administrator wishes to remove the alert

Answer: B

 

NEW QUESTION 70
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?

  • A. Click Take Action, select Edit, and select the desired Watchlists.
  • B. Click Add Watchlists, on the Subscribe tab select the desired Watchlists, and click Subscribe.
  • C. Click Add Watchlists, and input the URL(s) for the desired Watchlists.
  • D. Click Take Action, and select Subscribe for the desired Watchlists.

Answer: C

Explanation:
Reference: https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/1913/18/Enterprise%20EDR%20Getting%20Started.pdf (5)

 

NEW QUESTION 71
A watchlist generates a false positive on the Triage Alerts page, so the watchlist must be updated.
How should this task be accomplished?

  • A. Open the Watchlist Page and click the pencil button associated with the watchlist.
  • B. One can update watchlists from the Process Search Page.
  • C. One can update watchlists directly on the Triage Alerts Page using the pencil icon.
  • D. Open the process analysis page and select the Add Watchlist Exclusion option from the Actions menu.

Answer: C

 

NEW QUESTION 72
An analyst wants to block an application's specific behavior but does not want to kill the process entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity.
Which Blocking and Isolation Action should the analyst use to accomplish this goal?

  • A. Log Operation
  • B. Terminate Process
  • C. Deny Operation
  • D. Block Process

Answer: C

 

NEW QUESTION 73
An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:

Which statement accurately characterizes this situation?

  • A. The solid line between the nodes denotes a process was injected into by another process.
  • B. The analyst navigated to this process analysis page from the wscript.exe process.
  • C. Several nodes in this process tree have watchlist hits.
  • D. Conhost.exe has one or more child processes.

Answer: A

 

NEW QUESTION 74
An active compromise is detected on an endpoint. Due to current policies, the compromise was detected but not terminated.
What would be an appropriate action to end the current communication between the device and the attacker?

  • A. Place the system into bypass mode
  • B. Remotely scan the endpoint
  • C. Place the system into Quarantine
  • D. Uninstall the sensor

Answer: A

 

NEW QUESTION 75
After an emergency, what does the Restore computer button do on the App Control Home page?

  • A. Move all computers to High Enforcement level
  • B. Move all computers to the original Enforcement level
  • C. Move all computers to Medium Enforcement level
  • D. Move all computers to Low Enforcement level

Answer: B

 

NEW QUESTION 76
An administrator ran the following query:
SELECT name, VERSION, install_location, install_source, publisher, install_date, uninstall_string
FROM programs
WHERE publisher = "Microsoft Corporation";
The administrator notices a lot of installed programs are not returned.
How can the administrator alter the query to see all results?

  • A. Change the WHERE clause to = "*"
  • B. Replace the = with LIKE
  • C. Remove the WHERE clause
  • D. Edit the WHERE clause to remove the quotes

Answer: D

 

NEW QUESTION 77
......

Get Latest 5V0-91.20 Dumps Exam Questions in here: https://www.briandumpsprep.com/5V0-91.20-prep-exam-braindumps.html