Best Preparation Resource for VMware 5V0-93.22 Exam – Use 5V0-93.22 Exam Dumps to Effectively Prepare for the Exam

1. An administrator has been tasked with preventing the use of unauthorized USB storage devices from being used in the environment.

Which item needs to be enabled in order to enforce this requirement?

2. An administrator needs to create a search, but it must exclude "system.exe".

How should this task be completed?

3. An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud.

Which three IDs may be used for this purpose? (Choose three.)

4. Which VMware Carbon Black Cloud integration is supported for SIEM?

5. What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?

6. An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

7. An administrator is investigating an alert and reads a summary that says:

The application powershell.exe was leveraged to make a potentially malicious network connection.

Which action should the administrator take immediately to block that connection?

8. Which command is used to immediately terminate a current Live Response session?

9. A user downloaded and executed malware on a system. The malware is actively exfiltrating data.

Which immediate action is recommended to prevent further exfiltration?

10. What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

11. An administrator wants to find information about real-world prevention rules that can be used in

VMware Carbon Black Cloud Endpoint Standard.

How can the administrator obtain this information?

12. Is it possible to search for unsigned files in the console?

13. The administrator has configured a permission rule with the following options selected:

- Application at path: C:Program Files**

- Operation Attempt: Performs any operation

- Action: Bypass

What is the impact, if any, of using the wildcards in the application at path field?

14. A script-based attack has been identified that inflicted damage to the corporate systems. The security

administrator found out that the malware was coded into Excel VBA and would like to perform a search to further inspect the incident.

Where in the VMware Carbon Black Cloud Endpoint Standard console can this action be completed?

15. An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.

How can this information be obtained?

16. An administrator has just placed an endpoint into bypass.

What type of protection, if any, will VMware Carbon Black provide this device?

17. A security administrator needs to review the Live Response activities and commands that have been executed while performing a remediation process to the sensors.

Where can the administrator view this information in the console?

18. Which statement accurately characterizes Alerts that are categorized as a "Threat" versus those categorized as "Observed"?

19. An administrator is working in a development environment that has a policy rule applied and notices that there are too many blocks. The administrator takes action on the policy rule to troubleshoot the issue until the blocks are fixed.

Which action should the administrator take?

20. An organization has the following requirements for allowing application.exe:

- Must not work for any user's D: drive

- Must allow running only from inside of the user's TempAllowed directory

- Must not allow running from anywhere outside of TempAllowed

For example, on one user's machine, the path is C:UsersLorieTempAllowedapplication.exe.

Which path meets this criteria using wildcards?