Review this result after executing a query in the Process Search page, noting the circled black dot:

What is the meaning of the black dot shown under Tags?
A. The execution of the process resulted in watchlist hits.
B. The events for the process were tagged in an investigation.
C. The events for the process were also sent to the Syslog Server.
D. The execution of the process resulted in feed hits.

How often do watchlists run?
A. Every 10 minutes
B. Every 5 minutes
C. Watchlists can be configured to run at scheduled intervals
D. Every 30 minutes

Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
A. Threat ID
B. Process ID
C. Alert ID
D. Event ID

Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?
A. Inventorying; enable Discovery mode
B. Baselining; install the agent
C. Discovery; place agent into Disabled mode
D. Initialization; move agent out of Disabled mode

An Endpoint Standard analyst runs the query in the graphic below:

Which three statements are true from the results shown? (Choose three.)
A. The process is a PowerShell process running a script with a .ps1 extension.
B. The process has a threat score greater than 4.
C. The process made a network connection to another system.
D. The process had a NOT_LISTED reputation at the time the event occurred.
E. The process was run under the NT_AUTHORITY\SYSTEM user context.
F. The process was able to inject code into another process.

An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
A. That specific IOC in the report will no longer generate hits or alerts on the device from the alert.
B. The report will no longer generate hits or alerts on the device from the alert.
C. That specific IOC in the report will no longer generate hits or alerts.
D. The report will no longer generate hits or alerts.

Which reputation has the highest priority in Cloud Endpoint Standard?
A. Unknown
B. Adware/PUP Malware
C. Known Malware
D. Ignore

A security policy states to enable Live Response by default across the enterprise. However, the team identified critical systems which should not support Live Response due to risk. The team needs to disable Live Response on selected systems.
From which page can this goal be accomplished?
A. Policy
B. API Access
C. Endpoints
D. Roles

An administrator needs to manage a group of sensors from within the console.
Which three actions are available for sensors within the Sensor Group? (Choose three.)
A. Move to group
B. Disable
C. Restart
D. Ban
E. Uninstall
F. Share Settings

Which list below captures all Enforcement Levels for App Control policies?
A. Critical, Lockdown, Monitored, Tracking, Banning
B. High Enforcement, Medium Enforcement, Low Enforcement
C. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
D. Control, Local Approval, Disabled