
VMware Certification 5V0-91.20 Exam Practice Questions Killtest V8.02

VMware Certification 5V0-91.20 Exam Practice Questions Killtest V8.02 are helpful in your preparation.



The safer, easier way to help you pass any IT exams.

1. An administrator wants to query the status of the firewall for all endpoints. The administrator will query the registry key found here: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. To make the results easier to understand, the administrator wants to return either enabled or disabled for the results, rather than the value from the registry key. Which SQL statement will rewrite the output based on a specific result set returned from the system?
A. CASE
B. AS
C. ALTER
D. SELECT
Answer: A
Explanation:
Reference: https://www.carbonblack.com/blog/8-live-queries-that-will-speed-up-your-next-pci-audit/l

2. An analyst navigates to the alerts page in Endpoint Standard and sees the following:
[image]
What does the yellow color represent on the left side of the row?
A. It is an alert from a watchlist rather than the analytics engine.
B. It is a threat alert and warrants immediate investigation.
C. It is an observed alert and may indicate suspicious behavior.
D. It is a dismissed alert within the user interface.
Answer: A

3. An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process:
How can the administrator generate an alert for future hits against this watchlist?
A. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to select Alert on hit for the report.
B. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to toggle Alert on hit to On.
C. Select the watchlist on the watchlists page and click on Alerts: Off to toggle the alerts to On.
D. Select the watchlist on the watchlists page, use Take Action to select Edit, and select Alert on hit.

Answer: D

4. An administrator runs multiple queries on tables and combines the results after the fact to correlate data. The administrator needs to combine rows from multiple tables based on data from a related column in each table. Which SQL statement should be used to achieve this goal?
A. JOIN
B. WHERE
C. AS
D. COMBINE
Answer: A

5. An administrator wants to allow files to run from a network share. Which rule type should the administrator configure?
A. Execute Prompt (Shared Path)
B. Trusted Path
C. Network Execute (Allow)
D. Write Approve (Network)
Answer: A

6. What are the three available methods in VMware Carbon Black App Control by which an endpoint (agent) can be assigned to a specific policy? (Choose three.)
A. By pushing the designated GPO script
B. Via DASCLI command
C. By installing the agent via SCCM
D. Manual policy assignment
E. By branded/policy-specific installer
F. By Active Directory Mapping
Answer: C,D,F

7. Which Live Query statement is properly constructed?
A. SELECT * FROM 'users'
B. select * from *:
C. select from users;
D. SELECT * FROM users;
Answer: D

8. An administrator has configured a policy to run a standard background scan. How long does this one-time scan take to complete on endpoints assigned to that policy?
A. 180 days
B. 30 days
C. 3-5 days
D. 1 day
Answer: B

9. An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it. Which three actions are available to take on the alert? (Choose three.)
A. Ignore alert
B. Dismiss
C. Dismiss on all devices if grouping is enabled
D. Edit watchlist
E. Save report
F. Notifications history
Answer: B,C,E
Explanation:
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Dismiss-Alerts/ta-p/51766

10. Review this EDR query:
    childproc_name:whoami.exe AND childproc_name:hostname.exe AND childproc_name:tasklist.exe AND childproc_name:ipconfig.exe
Which process would show in the query results?
A. Any process invoked by whoami.exe, hostname.exe, tasklist.exe, and ipconfig.exe
B. Any process invoked by whoami.exe, hostname.exe, tasklist.exe, or ipconfig.exe
C. Any process invoking whoami.exe, hostname.exe, tasklist.exe, or ipconfig.exe
D. Any process invoking whoami.exe, hostname.exe, tasklist.exe, and ipconfig.exe
Answer: D

11. An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
    parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud. Which search field can be added to the query to show the desired results?
A. process_integrity_level
B. process_reputation
C. process_privileges
D. process_cloud_reputation
Answer: B

12. An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating. How can the analyst change the alert severity value, if this is possible?
A. The alert severity is assigned by the backend analytics.
B. The alert severity is not configurable.
C. Change the alert severity on the watchlist.
D. Change the alert severity on the report.

Answer: C

13. How long will Live Queries in Carbon Black Audit and Remediation run before timing out?
A. 30 days
B. 14 days
C. 180 days
D. 7 days
Answer: D

14. Which reputation is processed with the lowest priority for Endpoint Standard?
A. Local White
B. Known Malware
C. Trusted White
D. Common White
Answer: B

15. Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?
A. Cloud Reputation (Initial)
B. Effective Reputation
C. Local Reputation
D. Cloud Reputation (Current)
Answer: A

16. App Control System Health email alerts for excessive agent backlog are occurring hourly. This is overwhelming the analysts, and they would like to reduce the notifications. How can the analyst reduce the unneeded alerts?
A. Set the email address for subscribers to an invalid email.
B. Change reminder email to daily or disabled.
C. Disable the alert.
D. Delete the alert.
Answer: B

17. Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?
A. WHERE publisher = "%VMware%"
B. WHERE publisher = "%VMware"
C. WHERE publisher LIKE "VMware%"
D. WHERE publisher LIKE "%VMware%"
Answer: D

18. A company wants to implement the strictest security controls for computers on which the software seldom changes (i.e., servers or single-purpose systems). Which Enforcement Level is the most fitting?

A. Low Enforcement
B. Medium Enforcement
C. High Enforcement
D. None (Visibility)
Answer: C

19. Review this result after executing a query in the Process Search page, noting the circled black dot:
[image]
What is the meaning of the black dot shown under Tags?
A. The execution of the process resulted in watchlist hits.
B. The events for the process were tagged in an investigation.
C. The events for the process were also sent to the Syslog Server.
D. The execution of the process resulted in feed hits.
Answer: D

20. How often do watchlists run?
A. Every 10 minutes
B. Every 5 minutes
C. Watchlists can be configured to run at scheduled intervals
D. Every 30 minutes
Answer: C
