A company uses Audit and Remediation to check configurations and adhere to compliance
regulations. The regulations require monthly reporting and twelve months of data retained.
How can an administrator accomplish this requirement with Audit and Remediation?
D
Which list below captures all Enforcement Levels for App Control policies?
C
Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiFsPPz04XvAhWRsnEKHV4lBukQFjABegQIAhAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F2961%2F1%2FVMware%2520Carbon%2520Black%2520App%2520Control%25208.5.0%2520User%2520Guide.pdf&usg=AOvVaw3es_0JTc8-_BifNR4iFiGl (6)
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?
B
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other
threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?
A
Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjl1tW404XvAhWZRhUIHSygB74QFjADegQIExAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F1913%2F18%2FEnterprise%2520EDR%2520Getting%2520Started.pdf&usg=AOvVaw2_M7opfEgUaIIfutBZChvk (5)
Which identifier is shared by all events when an alert is investigated?
B
An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
C
What information does the Alert Details panel provide on the Alert Triage page in Endpoint
Standard?
A
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with
the alert severity rating.
How can the analyst change the alert severity value, if this is possible?
C
An administrator wants to allow files to run from a network share.
Which rule type should the administrator configure?
A
What is the maximum number of binaries (hashes) that can be banned using the web console?
C
What are three ways to ignore a feed report within the EDR user interface? (Choose three.)
ABF
Reference:
https://community.carbonblack.com/t5/Knowledge-Base/EDR-How-to-Customize-a-Feed-to-Prevent-False-Positives/ta-p/64413
Given the following query:
SELECT * FROM users WHERE UID >= 500;
Which statement is correct?
A
An administrator uses the following Enterprise EDR search query to show web browsers spawning non-browser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT
process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)
Which field can be added to this query to filter the results by signature status?
C
An administrator runs the following query in Audit and Remediation:
SELECT *
FROM users
WHERE UID >= 500;
How long will this query stay active and accept data from the sensors?
C
Reference:
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Audit-and-Remediation-How-long-does-a-query/ta-p/34817
Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VMs)?
D