Tested Material Used To 5V0-91.20 Test Engine Exam Questions in here [Dec-2021]
NEW QUESTION 56
Examine the following EDR query:
file_desc:"Windows Command Processor" AND -process_name:cmd.exe
Which process will show in the query results?
- A. Any process named cmd.exe
- B. Any process with the binary file description "Windows Command Processor"
- C. Any process with the binary file description "Windows Command Processor" named cmd.exe
- D. Any process named something other than cmd.exe with the file description of "Windows Command Processor"
Answer: C
NEW QUESTION 57
Which actions are available for Permissions?
- A. Performs any Operation, Runs or is running
- B. Allow, Allow & Log, Bypass
- C. Deny Operation, Terminate Process
- D. Approve, Upload, No Upload
Answer: B
NEW QUESTION 58
Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?
- A. Threat ID
- B. Alert ID
- C. Process ID
- D. Event ID
Answer: D
NEW QUESTION 59
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
- A. From the File Catalog page on the web console
- B. From the Computer Details page on the web console
- C. Run authenticated DasCLI on Windows command prompt
- D. From the Files on Computers page on the web console
- E. Run RepCLI on Windows command prompt
Answer: B,C
Explanation:
Reference:
Tamper-Protection/ta-p/37220
NEW QUESTION 60
An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?
- A. Suspect/Heuristic Malware
- B. Known Malware
- C. Company Black
- D. Adware/PUP Malware
Answer: A
NEW QUESTION 61
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?
- A. Device ID
- B. Alert ID
- C. Threat ID
- D. Process ID
Answer: C
NEW QUESTION 62
An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.
Once applied, which reputation would these applications be classified under for processing?
- A. Local White
- B. Company White
- C. Common White
- D. Trusted White
Answer: D
NEW QUESTION 63
Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?
- A. WHERE publisher = "%VMware%"
- B. WHERE publisher LIKE "VMware%"
- C. WHERE publisher LIKE "%VMware%"
- D. WHERE publisher = "%VMware"
Answer: C
NEW QUESTION 64
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)
- A. Edit watchlist
- B. Dismiss on all devices if grouping is enabled
- C. Save report
- D. Notifications history
- E. Ignore alert
- F. Dismiss
Answer: B,C,F
Explanation:
Reference:
Alerts/ta-p/51766
NEW QUESTION 65
An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:
Which statement accurately characterizes this situation?
- A. The solid line between the nodes denotes a process was injected into by another process.
- B. The analyst navigated to this process analysis page from the wscrlpt.exe process.
- C. Conhost.exe has one or more child processes.
- D. Several nodes in this process tree have watchlist hits.
Answer: A
NEW QUESTION 66
What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)
- A. By pushing the designated GPO script
- B. By Active Directory Mapping
- C. By branded/policy-specific installer
- D. Manual policy assignment
- E. By installing the agent via SCCM
- F. Via DASCLI command
Answer: B,D,E
NEW QUESTION 67
An administrator viewed and filtered the results of a completed query within the User Interface for Audit and Remediation. The administrator exported the results to create charts and other visuals for reporting. When viewing the exported results, the administrator noticed some results were missing from the data set.
Why did the administrator not have the full data set from the query?
- A. Export is limited to the first hundred rows, and the query had more rows than supported.
- B. Export was used prior to the query completing, and some data is missing.
- C. Export pulls all results; the query must not have covered all data required.
- D. Export applies to the data visible in the UI; filtering will impact the viewable data.
Answer: B
NEW QUESTION 68
Which statement is true when searching through the EDR server UI?
- A. The backslash \ is the character to escape characters.
- B. The percent symbol % is the character to represent a wildcard.
- C. Whitespaces between search terms imply the OR operator.
- D. The exclamation point ! is the character to represent negation.
Answer: B
NEW QUESTION 69
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?
- A. Click Take Action, and select Subscribe for the desired Watchlists.
- B. Click Add Watchlists, and input the URL(s) for the desired Watchlists.
- C. Click Take Action, select Edit, and select the desired Watchlists.
- D. Click Add Watchlists, on the Subscribe tab select the desired Watchlists, and click Subscribe.
Answer: B
Explanation:
Reference:
https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/1913/18/Enterprise%20EDR%20Getting%20Started.pdf (5)
NEW QUESTION 70
Which statement correctly defines the results of ignoring a feed report?
- A. Ignoring a feed report will also ignore the threat intelligence feed.
- B. Ignoring a feed report will ignore future instances of that report.
- C. Ignoring a feed report will remove all instances of the report.
- D. Ignoring a feed report will ignore all indicators in other threat reports.
Answer: A
NEW QUESTION 71
An administrator has configured a policy to run a standard background scan.
How long does this one-time scan take to complete on endpoints assigned to that policy?
- A. 30 days
- B. 1 day
- C. 3-5 days
- D. 180 days
Answer: A

