Updated Dec-2021 Exam Engine or PDF for the VMware 5V0-91.20 test to help you quickly prepare for the VMware exam! [Q17-Q39]

Full 5V0-91.20 Practice Test and 115 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 17
An analyst has investigated multiple alerts on a number of HR workstations and found that java.exe is attempting to launch PowerShell. On the Windows workstations in question, the analyst has also found that Java is installed in multiple locations. The analyst needs to block java.exe from this type of operation.
Which rule meets this need?

  • A. **/java.exe -> Invokes an untrusted process -> Terminate process
  • B. **\Program Files\*\java.exe -> Invokes a command interpreter -> Terminate process
  • C. **\java.exe -> Invokes a command interpreter -> Deny operation
  • D. **/Program Files/*/java.exe -> Invokes an untrusted process -> Deny operation

Answer: B

NEW QUESTION 18
Which list below captures all Enforcement Levels for App Control policies?

  • A. Control, Local Approval, Disabled
  • B. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
  • C. Critical, Lockdown, Monitored, Tracking, Banning
  • D. High Enforcement, Medium Enforcement, Low Enforcement

Answer: B

Explanation:
Reference: VMware Carbon Black App Control 8.5.0 User Guide,
https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/2961/1/VMware%20Carbon%20Black%20App%20Control%208.5.0%20User%20Guide.pdf (6)

NEW QUESTION 19
Which statement is true about Carbon Black Live Response (CBLR)?

  • A. CBLR is disabled by default.
  • B. CBLR cannot be accessed through the API.
  • C. CBLR is only available on Windows Endpoints.
  • D. CBLR sessions do not need to wait for the next sensor check-in.

Answer: A

NEW QUESTION 20
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?

  • A. Bypass
  • B. Quarantined
  • C. Deregistered
  • D. Inactive

Answer: A

Explanation:
Reference:
Bypass-has-been-Enabled-on-the/ta-p/74905

NEW QUESTION 21
A process wrote an executable file as detailed in the following event:

Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?

  • A. Trusted Path
  • B. Advanced (Write-Ignore)
  • C. Trusted Publisher
  • D. File Creation Control

Answer: D

NEW QUESTION 22
An administrator viewed and filtered the results of a completed query within the User Interface for Audit and Remediation. The administrator exported the results to create charts and other visuals for reporting. When viewing the exported results, the administrator noticed some results were missing from the data set.
Why did the administrator not have the full data set from the query?

  • A. Export pulls all results; the query must not have covered all data required.
  • B. Export applies to the data visible in the UI; filtering will impact the viewable data.
  • C. Export was used prior to the query completing, and some data is missing.
  • D. Export is limited to the first hundred rows, and the query had more rows than supported.

Answer: C

NEW QUESTION 23
What is the meaning, if any, of the event 'Report write (removable media)'?

  • A. This event would never occur. App Control does not report activity on removable media.
  • B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.
  • C. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.
  • D. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.

Answer: D

NEW QUESTION 24
An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?

  • A. Quarantine the device.
  • B. Terminate the process.
  • C. Deny the operation.
  • D. Add the application to the Approved List.

Answer: D

NEW QUESTION 25
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)

  • A. Edit watchlist
  • B. Save report
  • C. Notifications history
  • D. Dismiss on all devices if grouping is enabled
  • E. Dismiss
  • F. Ignore alert

Answer: B,D,E

Explanation:
Reference:
Alerts/ta-p/51766

NEW QUESTION 26
An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process:

How can the administrator generate an alert for future hits against this watchlist?

  • A. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to toggle Alert on hit to On.
  • B. Select the watchlist on the watchlists page and click on Alerts: Off to toggle the alerts to On.
  • C. Select the watchlist on the watchlists page, use Take Action to select Edit, and select Alert on hit.
  • D. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to select Alert on hit for the report.

Answer: C

NEW QUESTION 27
Which statement is true when searching through the EDR server UI?

  • A. The backslash \ is the character to escape characters.
  • B. Whitespaces between search terms imply the OR operator.
  • C. The percent symbol % is the character to represent a wildcard.
  • D. The exclamation point ! is the character to represent negation.

Answer: C

NEW QUESTION 28
Given the following query:
SELECT hostname, cpu_type, cpu_brand, cpu_physical_cores, cpu_logical_cores, cpu_microcode, (1.0 * physical_memory / (1000*1000*1000)) AS physical_mem_gb, hardware_vendor, hardware_model, hardware_version, hardware_serial FROM system_info;
Which statement is correct?

  • A. This query is missing a filter option.
  • B. This query shows data from the physical_mem_gb column.
  • C. This query combines data from several different tables.
  • D. This query customizes the results returned by the system.

Answer: A

NEW QUESTION 29
Which Live Query statement is properly constructed?

  • A. SELECT * FROM users;
  • B. select * from *:
  • C. SELECT * FROM 'users'
  • D. select from users;

Answer: A

NEW QUESTION 30
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?

  • A. Local Reputation
  • B. Cloud Reputation (Current)
  • C. Effective Reputation
  • D. Cloud Reputation (Initial)

Answer: D

NEW QUESTION 31
A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?

  • A. SELECT * FROM registry JOIN ie_extensions;
  • B. SELECT * FROM registry WHERE ie_extensions;
  • C. SELECT * FROM ie_extensions;
  • D. SELECT * FROM ie_extensions WHERE enabled=true;

Answer: A

NEW QUESTION 32
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them.
Which page should the administrator use to find these commands?

  • A. Alerts
  • B. Sensor Management
  • C. Policies
  • D. Investigate

Answer: B

NEW QUESTION 33
The security operations group is complaining that they are getting multiple App Control alerts for specific malicious files after they have banned the file.
Which step is necessary to prevent future alerts on these files?

  • A. Disable the Reminder Mail.
  • B. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files and Ignore already approved files.
  • C. Set the Alert Status to Disabled.
  • D. Edit the Malicious File Detected Alert. Select the criteria: Ignore already banned files.

Answer: A

NEW QUESTION 34
An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating.
How can the analyst change the alert severity value, if this is possible?

  • A. The alert severity is assigned by the backend analytics.
  • B. The alert severity is not configurable.
  • C. Change the alert severity on the report.
  • D. Change the alert severity on the watchlist.

Answer: D

NEW QUESTION 35
An Enterprise EDR administrator is reviewing the Investigate page and believes they are receiving false positive hits from a specific watchlist.
Which three options reduce future false positive hits from this watchlist? (Choose three.)

  • A. Disable the watchlist associated with the false positives.
  • B. Select edit watchlist and uncheck alert on hits.
  • C. Dismiss the watchlist hit.
  • D. Disable/remove the report associated with the false positives.
  • E. Modify policy rules to exclude the false positive directory.
  • F. Disable/remove the IOC associated with the false positives.

Answer: B,D,F

NEW QUESTION 36
After an emergency, what does the Restore computer button do on the App Control Home page?

  • A. Move all computers to High Enforcement level
  • B. Move all computers to Low Enforcement level
  • C. Move all computers to the original Enforcement level
  • D. Move all computers to Medium Enforcement level

Answer: C

NEW QUESTION 37
Review the following EDR query:
parent_name:outlook.exe AND -alliance_score_srstrust:* AND -digsig_result:"Signed"
Which process would show in the query results?

  • A. Processes invoking outlook.exe that do not have an SRS Trust value and that are not digitally signed.
  • B. Processes invoked by outlook.exe that have an SRS Trust value and that are digitally signed.
  • C. Processes invoking outlook.exe that have an SRS Trust value and that are not digitally signed.
  • D. Processes invoked by outlook.exe that do not have an SRS Trust value and that are not digitally signed.

Answer: C

NEW QUESTION 38
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?

  • A. Performance Optimization
  • B. Expert (Tag Process, Terminate Process)
  • C. Execute Ignore
  • D. File Creation Control (Suppress)

Answer: A

NEW QUESTION 39
......

Full 5V0-91.20 Practice Test and 115 unique questions with explanations waiting just for you, get it now: https://www.topexamcollection.com/5V0-91.20-vce-collection.html