Summer Special Discount 60% Offer - Ends in 0d 00h 00m 00s - Coupon code: brite60

ExamsBrite Dumps

VMware Carbon Black Cloud Endpoint Standard Skills Question and Answers

VMware Carbon Black Cloud Endpoint Standard Skills

Last Update Oct 1, 2025
Total Questions : 60

We are offering FREE 5V0-93.22 VMware exam questions. All you do is to just go and sign up. Give your details, prepare 5V0-93.22 free exam questions and then go for complete pool of VMware Carbon Black Cloud Endpoint Standard Skills test questions that will help you more.

5V0-93.22 pdf

5V0-93.22 PDF

$42  $104.99
5V0-93.22 Engine

5V0-93.22 Testing Engine

$50  $124.99
5V0-93.22 PDF + Engine

5V0-93.22 PDF + Testing Engine

$66  $164.99
Questions 1

What are the highest and lowest file reputation priorities, respectively, in VMware Carbon Black Cloud?

Options:

A.  

Priority 1: Ignore, Priority 11: Unknown

B.  

Priority 1: Unknown, Priority 11: Ignore

C.  

Priority 1: Known Malware, Priority 11: Common White

D.  

Priority 1: Company Allowed, Priority 11: Not Listed/Adaptive White

Discussion 0
Questions 2

A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.

Which action should be taken to prevent the file from executing?

Options:

A.  

Add the hash to the MALWARE list.

B.  

Use Live Response to kill the process.

C.  

Use Live Response to delete the file.

D.  

Add the hash to the company banned list.

Discussion 0
Questions 3

An administrator needs to use an ID to search and investigate security incidents in Carbon Black Cloud.

Which three IDs may be used for this purpose? (Choose three.)

Options:

A.  

Threat

B.  

Hash

C.  

Sensor

D.  

Event

E.  

User

F.  

Alert

Discussion 0
Questions 4

An administrator wants to block an application by its path instead of reputation. The following steps have already been taken:

Go to Enforce > Policies > Select the desired policy >

Which additional steps must be taken to complete the task?

Options:

A.  

Click Enforce > Add application path name

B.  

Scroll down to the Permissions section > Click Add application path > Enter the path of the desired application

C.  

Scroll down to the Blocking and Isolation section > Click Edit (pencil icon) for the desired Reputation

D.  

Scroll down to the Blocking and Isolation section > Click Add application path > Enter the path of the desired application

Discussion 0
Questions 5

In which tab of the VMware Carbon Black Cloud interface can sensor status details be found?

Options:

A.  

Enforce > Policies

B.  

Inventory > Sensors

C.  

Inventory > Endpoints

D.  

Inventory > Sensor groups

Discussion 0
Questions 6

An administrator needs to fully analyze the relevant information of an event stored in the VMware Carbon Black Cloud.

On which page can this information be found?

Options:

A.  

Enforce

B.  

Investigate

C.  

Live Query

D.  

Inventory

Discussion 0
Questions 7

An administrator notices that a sensor's local AV signatures are out-of-date.

What effect does this have on newly discovered files?

Options:

A.  

The reputation is determined by cloud reputation.

B.  

The sensor prompts the end user to allow or deny the file.

C.  

The sensor automatically blocks the new file.

D.  

The sensor is unable to block a malicious file.

Discussion 0
Questions 8

An organization has found application.exe running on some machines in their Workstations policy. Application.exe has a SUSPECT_MALWARE reputation and runs from C:\Program Files\IT\Tools. The Workstations policy has the following rules which could apply:

Blocking and Isolation Rule

Application on the company banned list > Runs or is running > Deny

Known malware > Runs or is running > Deny

Suspect malware > Runs or is running > Terminate

Permissions Rule

C:\Program Files\IT\Tools\* > Performs any operation > Bypass

Which action, if any, should an administrator take to ensure application.exe cannot run?

Options:

A.  

Change the reputation to KNOWN MALWARE to a higher priority.

B.  

No action needs to be taken as the file will be blocked based on reputation alone.

C.  

Remove the Permissions rule for C:\Program FilesMTVToolsV.

D.  

Add the hash to the company banned list at a higher priority.

Discussion 0
Questions 9

An administrator wants to prevent ransomware that has not been seen before, without blocking other processes.

Which rule should be used?

Options:

A.  

[Adware or PUP] [Scrapes memory of another process] [Deny operation]

B.  

[Not listed application] [Performs ransomware-like behavior] [Terminate process

C.  

[Unknown malware] [Runs or is running] [Terminate process]

D.  

[Not listed application] [Runs or is running] [Terminate process]

Discussion 0
Questions 10

What connectivity is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation?

Options:

A.  

TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)

B.  

TCP/80 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com)

C.  

TCP/443 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)

D.  

TCP/80 to GoDaddy CRL URL (crl.godaddy.com and ocsp.godaddy.com)

Discussion 0
Questions 11

An administrator wants to find information about real-world prevention rules that can be used in VMware Carbon Black Cloud Endpoint Standard.

How can the administrator obtain this information?

Options:

A.  

Refer to an external report from other security vendors to obtain solutions.

B.  

Refer to the TAU-TIN's on the VMware Carbon Black community page.

C.  

Refer to the VMware Carbon Black Cloud sensor install guide.

D.  

Refer to VMware Carbon Black Cloud user guide.

Discussion 0
Questions 12

An administrator needs to configure a policy for macOS and Linux Sensors, not enabling settings which are only applicable to Windows.

Which three settings are only applicable to Sensors on the Windows operating system? (Choose three.)

Options:

A.  

Delay execute for cloud scan

B.  

Allow user to disable protection

C.  

Submit unknown binaries for analysis

D.  

Expedited background scan

E.  

Scan execute on network drives

F Require code to uninstall sensor

Discussion 0
Questions 13

The use of leading wildcards in a query is not recommended unless absolutely necessary because they carry a significant performance penalty for the search.

What is an example of a leading wildcard?

Options:

A.  

filemod:system32/ntdll.dll

B.  

filemod:system32/*ntdll.dll

C.  

filemod:*/system32/ntdll.dll

D.  

filemod:system32/ntdll.dll*

Discussion 0
Questions 14

What is a capability of VMware Carbon Black Cloud?

Options:

A.  

Continuous and decentralized recording

B.  

Attack chain visualization and search

C.  

Real-time view of attackers

D.  

Automation via closed SOAP APIs

Discussion 0
Questions 15

A user downloaded and executed malware on a system. The malware is actively exfiltrating data.

Which immediate action is recommended to prevent further exfiltration?

Options:

A.  

Check Security Advisories and Threat Research contents.

B.  

Place the device in quarantine.

C.  

Run a background scan.

D.  

Request upload of the file for analysis.

Discussion 0
Questions 16

An organization has the following requirements for allowing application.exe:

Must not work for any user's D:\ drive

Must allow running only from inside of the user's Temp\Allowed directory

Must not allow running from anywhere outside of Temp\Allowed

For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.

Which path meets this criteria using wildcards?

Options:

A.  

C:\Users\?\Temp\Allowed\application.exe

B.  

C:\Users\*\Temp\Allowed\application.exe

C.  

*:\Users\**\Temp\Allowed\application.exe

D.  

*:\Users\*\Temp\Allowed\application.exe

Discussion 0
Questions 17

An administrator would like to proactively know that something may get blocked when putting a policy rule in the environment.

How can this information be obtained?

Options:

A.  

Search the data using the test rule functionality.

B Examine log files to see what would be impacted

B.  

Put the rules in and see what happens to the endpoints.

D Determine what would happen based on previously used antivirus software

Discussion 0
Questions 18

An administrator is reviewing how event data is categorized and identified in VMware Carbon Black Cloud.

Which method is used?

Options:

A.  

By Unique Process ID

B.  

By Process Name

C.  

By Unique Event ID

D.  

By Event Name

Discussion 0