A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?
Answer : A
Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VMs)?
Answer : D
An administrator runs the following query in Audit and Remediation:
SELECT *
FROM users
WHERE UID >= 500;
How long will this query stay active and accept data from the sensors?
Answer : C
Reference:
https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-Audit-and-Remediation-How-long-does-a-query/ta-p/34817
An administrator uses the following Enterprise EDR search query to show web browsers spawning non-browser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)
Which field can be added to this query to filter the results by signature status?
Answer : C
Given the following query:
SELECT * FROM users WHERE UID >= 500;
Which statement is correct?
Answer : A
What are three ways to ignore a feed report within the EDR user interface? (Choose three.)
Answer : ABF
Reference:
https://community.carbonblack.com/t5/Knowledge-Base/EDR-How-to-Customize-a-Feed-to-Prevent-False-Positives/ta-p/64413
What is the maximum number of binaries (hashes) that can be banned using the web console?
Answer : C
An administrator wants to allow files to run from a network share.
Which rule type should the administrator configure?
Answer : A
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?
Answer : C
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?
Answer : A
An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
Answer : C
Which identifier is shared by all events when an alert is investigated?
Answer : B
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?
Answer : A
Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjl1tW404XvAhWZRhUIHSygB74QFjADegQIExAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F1913%2F18%2FEnterprise%2520EDR%2520Getting%2520Started.pdf&usg=AOvVaw2_M7opfEgUaIIfutBZChvk
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?
Answer : B
Which list below captures all Enforcement Levels for App Control policies?
Answer : C
Reference:
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiFsPPz04XvAhWRsnEKHV4lBukQFjABegQIAhAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F2961%2F1%2FVMware%2520Carbon%2520Black%2520App%2520Control%25208.5.0%2520User%2520Guide.pdf&usg=AOvVaw3es_0JTc8-_BifNR4iFiGl