Question No. 1

An administrator uses the following Enterprise EDR search query to show web browsers spawning nonbrowser child processes that connect over the network:

(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT

process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)

Which field can be added to this query to filter the results by signature status?

Achildproc_publisher_state

Bprocess_publisher

Cchildproc_reputation

Dprocess_publisher_state

Show Answer

Correct Answer: C

Question No. 2

After an emergency, what does the Restore computer button do on the App Control Home page?

AMove all computers to the original Enforcement level

BMove all computers to High Enforcement level

CMove all computers to Low Enforcement level

DMove all computers to Medium Enforcement level

Show Answer

Correct Answer: A

Question No. 3

App Control System Health email alerts for excessive agent backlog are occurring hourly. This is

overwhelming the analysts, and they would like to reduce the notifications.

How can the analyst reduce the unneeded alerts?

ASet the email address for subscribers to an invalid email.

BChange reminder email to daily or disabled.

CDisable the alert.

DDelete the alert.

Show Answer

Correct Answer: B

Question No. 4

Which two statements are true regarding Live Response? (Choose two.)

ALive Response can only be initiated through the user interface.

BLive Response supports one user per session on an endpoint.

CLive Response opens an SSH session with the remote device.

DLive Response requires both view and manage permissions to use.

ELive Response utilizes the same channel for sensor-server communications.

Show Answer

Correct Answer: A, E

Question No. 5

What is the meaning, if any, of the event Report write (removable media)?

AThis event would never occur. App Control does not report activity on removable media.

BA Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.

CA Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.

DA Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.

Show Answer

Correct Answer: C

Free VMware 5V0-91.20 Exam Actual Questions

The questions for 5V0-91.20 were last updated On Nov 4, 2024