[Dec 26, 2021] New 5V0-91.20 Exam Dumps with High Passing Rate
Get 5V0-91.20 Braindumps & 5V0-91.20 Real Exam Questions
NEW QUESTION 18
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it.
Which three actions are available to take on the alert? (Choose three.)
- A. Edit watchlist
- B. Save report
- C. Notifications history
- D. Dismiss on all devices if grouping is enabled
- E. Dismiss
- F. Ignore alert
Answer: B,D,E
Explanation:
Reference:
Alerts/ta-p/51766
NEW QUESTION 19
When executing a program in App Control, the notification message informs the user that the file is not approved with an option to request approval.
Which Enforcement level is currently enacted?
- A. Default
- B. Medium
- C. High
- D. Low
Answer: A
NEW QUESTION 20
Which reputation is processed with the lowest priority for Endpoint Standard?
- A. Local White
- B. Known Malware
- C. Common White
- D. Trusted White
Answer: B
NEW QUESTION 21
Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VMs)?
- A. The endpoint housing the agent template must always be off except when updating the image.
- B. The endpoint housing the agent template must always be on/running except when updating the image.
- C. The agent running on the template machine must not be initialized before deploying clones.
- D. The gold image housing the agent template must be digitally signed to ensure the integrity of the agent cache.
Answer: C
NEW QUESTION 22
A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.
Which Live Query statement will successfully query these items?
- A. SELECT * FROM registry JOIN ie_extensions;
- B. SELECT * FROM registry WHERE ie_extensions;
- C. SELECT * FROM ie_extensions;
- D. SELECT * FROM ie_extensions WHERE enabled=true;
Answer: A
NEW QUESTION 23
An analyst is investigating an alert within Enterprise EDR. The alert is tied to an unusual process name. When navigating to the binary details page, for the binary used in the alert, the analyst sees the following:
The analyst wants to find any instances of this process executing regardless of the process name used.
Which two details from the binary can be used to search for the application regardless of the seen name?
(Choose two.)
- A. The product version
- B. The original filename
- C. The binary's hash
- D. The publisher name
- E. The path
Answer: A,E
NEW QUESTION 24
A company uses Audit and Remediation to check configurations and adhere to compliance regulations. The regulations require monthly reporting and twelve months of data retained.
How can an administrator accomplish this requirement with Audit and Remediation?
- A. Schedule the query to run monthly, and no further action is required.
- B. Schedule the query to run monthly, and configure the audit log retention to 12 months.
- C. Schedule the query to run monthly, and export the results for each run to an external location.
- D. Schedule the query to run monthly, and set the data retention to 12 months for the query.
Answer: C
NEW QUESTION 25
Level 3 service desk personnel have been approved to modify computer enforcement levels by security governance.
Which set of steps is required to implement this change?
- A. Create new user role, map AD group to role, assign permission "Manage computers" to role.
- B. Create new user role, assign permission "Manage computers" to role.
- C. Assign permission "Temporary assign computers" to each user.
- D. Create new user role, map AD group to role, assign permission "Temporary assign computers" to role.
Answer: C
NEW QUESTION 26
Review the following EDR query:
(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[1 TO *]
Which process would show in the query results?
- A. Processes invoked by Powershell.exe and cmd.exe with a single network connection event
- B. Processes invoking Powershell.exe or cmd.exe with multiple network connection events
- C. Processes invoked by Powershell.exe or cmd.exe with any number of network connection events
- D. Processes invoking Powershell.exe and cmd.exe with multiple network connection events
Answer: A
NEW QUESTION 27
What is the maximum number of binaries (hashes) that can be banned using the web console?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION 28
Which two statements are true about Carbon Black alerts? (Choose two.)
- A. Carbon Black does not generate alerts.
- B. They are stored for 15 days.
- C. They can be grouped together.
- D. Once received, it can be dismissed in bulk.
- E. Once dismissed, the action cannot be undone.
Answer: A,B
NEW QUESTION 29
Which Live Query statement is properly constructed?
- A. SELECT * FROM users;
- B. select * from *:
- C. SELECT * FROM 'users'
- D. select from users;
Answer: A
NEW QUESTION 30
How often do watchlists run?
- A. Every 30 minutes
- B. Watchlists can be configured to run at scheduled intervals
- C. Every 10 minutes
- D. Every 5 minutes
Answer: B
NEW QUESTION 31
Which list below captures all Enforcement Levels for App Control policies?
- A. Control, Local Approval, Disabled
- B. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
- C. Critical, Lockdown, Monitored, Tracking, Banning
- D. High Enforcement, Medium Enforcement, Low Enforcement
Answer: B
Explanation:
Reference:
VMware Carbon Black App Control 8.5.0 User Guide: https://community.carbonblack.com/gbouw27325/attachments/gbouw27325/product-docs-news/2961/1/VMware%20Carbon%20Black%20App%20Control%208.5.0%20User%20Guide.pdf (6)
NEW QUESTION 32
An administrator uses the following Enterprise EDR search query to show web browsers spawning nonbrowser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)
Which field can be added to this query to filter the results by signature status?
- A. childproc_reputation
- B. process_publisher
- C. process_publisher_state
- D. childproc_publisher_state
Answer: A
NEW QUESTION 33
An Endpoint Standard analyst runs the query in the graphic below:
Which three statements are true from the results shown? (Choose three.)
- A. The process was run under the NT_AUTHORITY\SYSTEM user context.
- B. The process was able to inject code into another process.
- C. The process made a network connection to another system.
- D. The process had a NOT_LISTED reputation at the time the event occurred.
- E. The process has a threat score greater than 4.
- F. The process is a PowerShell process running a script with a .ps1 extension.
Answer: B,D,F
NEW QUESTION 34
An analyst is investigating an alert within Enterprise EDR on the process analysis page. The process tree can be seen below:
Which statement accurately characterizes this situation?
- A. The analyst navigated to this process analysis page from the wscript.exe process.
- B. Conhost.exe has one or more child processes.
- C. The solid line between the nodes denotes a process was injected into by another process.
- D. Several nodes in this process tree have watchlist hits.
Answer: C
NEW QUESTION 35
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:
Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?
- A. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.
- B. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
- C. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
- D. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
Answer: D
NEW QUESTION 36
Review this result after executing a query in the Process Search page, noting the circled black dot:
What is the meaning of the black dot shown under Tags?
- A. The events for the process were also sent to the Syslog Server.
- B. The execution of the process resulted in watchlist hits.
- C. The execution of the process resulted in feed hits.
- D. The events for the process were tagged in an investigation.
Answer: C
NEW QUESTION 37
An analyst navigates to the alerts page in Endpoint Standard and sees the following:
What does the yellow color represent on the left side of the row?
- A. It is an alert from a watchlist rather than the analytics engine.
- B. It is a dismissed alert within the user interface.
- C. It is an observed alert and may indicate suspicious behavior.
- D. It is a threat alert and warrants immediate investigation.
Answer: A
NEW QUESTION 38
Examine the following EDR query:
file_desc:"Windows Command Processor" AND -process_name:cmd.exe
Which process will show in the query results?
- A. Any process with the binary file description "Windows Command Processor" named cmd.exe
- B. Any process named cmd.exe
- C. Any process named something other than cmd.exe with the file description of "Windows Command Processor"
- D. Any process with the binary file description "Windows Command Processor"
Answer: A
NEW QUESTION 39
An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool.
Which other trust mechanism could the organization configure for large-scale approval of these files?
- A. Trusted Distributor
- B. Windows Update
- C. Rapid Config
- D. Local Approval Mode
Answer: D
NEW QUESTION 40
What are three ways to ignore a feed report within the EDR user interface? (Choose three.)
- A. Investigations page
- B. Alert Dashboard page
- C. After marking a feed alert as a false positive
- D. Search Threat Reports page
- E. Threat Reports Details page
- F. Threat Intelligence Feeds page
Answer: C,E,F
Explanation:
Reference:
Prevent-False-Positives/ta-p/64413
NEW QUESTION 41
Refer to the exhibit:
Which statement is true in regards to communication between the sensor and server?
- A. The sensor must be able to resolve the name cb.yourcompany.com.
- B. The communication is unencrypted.
- C. The server must have an entry in the host file for cb.yourcompany.com.
- D. The sensor will communicate on a non-default port.
Answer: B
NEW QUESTION 42
Refer to the exhibit, noting the circled red dot:
What is the meaning of the red dot under Hits in the Process Search page?
- A. Whether the execution of the process resulted in a sensor hit
- B. Whether the execution of the process resulted in matching hits for different users
- C. Whether the execution of the process resulted in a feed hit
- D. Whether the execution of the process resulted in a syslog hit
Answer: B
Introduction to VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam
Candidates for this VMware 5V0-91.20: VMware Carbon Black Portfolio Skills Exam are seeking to prove core knowledge in designing VMware Workspace ONE Unified Endpoint Management solutions. The VMware Carbon Black Endpoint Protection 2021 badge validates that the holder recognizes how to use product features in accordance with the company's compliance posture and operational policies. The holder of the badge shows a thorough, professional insight into the Carbon Black Portfolio. With a year-based qualification edition, VMware will better maintain the content of examinations and instruction and, most specifically, let certification applicants convey how current their qualifications are in comparison to other certifications. If you have received a VMware badge, you will be notified via e-mail to claim the badge. When you approve your badge, you are automatically placed in a shared workflow, allowing you to share your badges via Facebook, Twitter or LinkedIn, insert them on a personal website or share them by email. The badge is a single source that blends your qualifications with an outline of your abilities. Digital badges allow you to share your achievements quickly on social media. They also enable employees to verify the VMware credentials easily and validly.
Before taking the 5V0-91.20 exam, candidates should have solid foundational knowledge of the topics outlined in the preparation guide, which comes from the 5V0-91.20 dumps and 5V0-91.20 practice exams, including Workspace ONE Unified Endpoint Management troubleshooting and its integration. It is suggested that exam aspirants be familiar with the fundamentals of the VMware Workspace ONE Unified Endpoint Management solution.