5V0-91.20 Updated Exam Dumps [2022] Practice Valid Exam Dumps Question [Q63-Q79]

5V0-91.20 Sample with Accurate & Updated Questions

NEW QUESTION 63
Which two statements are true regarding Live Response? (Choose two.)

  • A. Live Response utilizes the same channel for sensor-server communications.
  • B. Live Response supports one user per session on an endpoint.
  • C. Live Response requires both view and manage permissions to use.
  • D. Live Response opens an SSH session with the remote device.
  • E. Live Response can only be initiated through the user interface.

Answer: A,E

 

NEW QUESTION 64
While an administrator is reviewing an alert, the device is observed beaconing to an unknown destination.
Which action should be taken to stop this behavior?

  • A. Put the device in Bypass mode
  • B. Assign the application to the Approved List
  • C. Place the device in Quarantine
  • D. Deregister the sensor

Answer: A

 

NEW QUESTION 65
What is the maximum number of binaries (hashes) that can be banned using the web console?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

 

NEW QUESTION 66
An administrator viewed and filtered the results of a completed query within the User Interface for Audit and Remediation. The administrator exported the results to create charts and other visuals for reporting. When viewing the exported results, the administrator noticed some results were missing from the data set.
Why did the administrator not have the full data set from the query?

  • A. Export applies to the data visible in the UI; filtering will impact the viewable data.
  • B. Export is limited to the first hundred rows, and the query had more rows than supported.
  • C. Export was used prior to the query completing, and some data is missing.
  • D. Export pulls all results; the query must not have covered all data required.

Answer: C

 

NEW QUESTION 67
An administrator is searching for any child processes of email clients with this query in Carbon Black Enterprise EDR:
parent_name:outlook.exe OR parent_name:thunderbird.exe OR parent_name:eudora.exe
The administrator would like to modify this query to only show child processes that do not have a known reputation in the Carbon Black Cloud.
Which search field can be added to the query to show the desired results?

  • A. process_reputation
  • B. process_integrity_level
  • C. process_privileges
  • D. process_cloud_reputation

Answer: A

 

NEW QUESTION 68
Review the following EDR query:
parent_name:outlook.exe AND -alliance_score_srstrust:* AND -digsig_result:"Signed"
Which process would show in the query results?

  • A. Processes invoking outlook.exe that have an SRS Trust value and that are not digitally signed.
  • B. Processes invoked by outlook.exe that do not have an SRS Trust value and that are not digitally signed.
  • C. Processes invoking outlook.exe that do not have an SRS Trust value and that are not digitally signed.
  • D. Processes invoked by outlook.exe that have an SRS Trust value and that are digitally signed.

Answer: A

 

NEW QUESTION 69
Why would a sensor have a status of "Inactive"?

  • A. The sensor has been uninstalled from the endpoint for more than 30 days.
  • B. The sensor has not checked in within the last 30 days.
  • C. The device has been put in bypass for the last 30 days.
  • D. The sensor has been in disabled mode for more than 30 days.

Answer: B

 

NEW QUESTION 70
An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool.
Which other trust mechanism could the organization configure for large-scale approval of these files?

  • A. Windows Update
  • B. Local Approval Mode
  • C. Rapid Config
  • D. Trusted Distributor

Answer: B

 

NEW QUESTION 71
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:

Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?

  • A. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
  • B. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
  • C. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
  • D. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.

Answer: A

 

NEW QUESTION 72
What occurs when an administrator selects "Enable private logging level" in Sensor Settings under Policy?

  • A. Live Response is disabled.
  • B. Script Files that have unknown reputations are not uploaded.
  • C. Domain names are obfuscated.
  • D. Delay execute for cloud scan is disabled.

Answer: B

 

NEW QUESTION 73
Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?

  • A. Cloud Reputation (Current)
  • B. Cloud Reputation (Initial)
  • C. Local Reputation
  • D. Effective Reputation

Answer: B

 

NEW QUESTION 74
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?

  • A. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.
  • B. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.
  • C. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
  • D. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.

Answer: D

 

NEW QUESTION 75
An administrator is creating a query per policy for Audit and Remediation. The administrator ran several recommended queries already but notices they are unable to run the same recommended query for one of their policies. The run button is grayed out.
Which statement correctly explains why the run button is unavailable?

  • A. The sensors in the policy do not support the table or query.
  • B. The administrator needs the use live query permission.
  • C. The query or table is not supported within osquery.
  • D. The number of consecutive running queries is limited.

Answer: B

 

NEW QUESTION 76
An administrator uses the following Enterprise EDR search query to show web browsers spawning nonbrowser child processes that connect over the network:
(parent_name:chrome.exe OR parent_name:iexplore.exe OR parent_name:firefox.exe) AND (NOT process_name:chrome.exe OR NOT process_name:iexplore.exe OR NOT process_name:firefox.exe)
Which field can be added to this query to filter the results by signature status?

  • A. childproc_publisher_state
  • B. process_publisher_state
  • C. childproc_reputation
  • D. process_publisher

Answer: C

 

NEW QUESTION 77
Review this EDR query:
childproc_name:whoami.exe AND childproc_name:hostname.exe AND childproc_name:tasklist.exe AND childproc_name:ipconfig.exe
Which process would show in the query results?

  • A. Any process invoked by whoami.exe, hostname.exe, tasklist.exe, or ipconfig.exe
  • B. Any process invoked by whoami.exe, hostname.exe, tasklist.exe, and ipconfig.exe
  • C. Any process invoking whoami.exe, hostname.exe, tasklist.exe, and ipconfig.exe
  • D. Any process invoking whoami.exe, hostname.exe, tasklist.exe, or ipconfig.exe

Answer: C

 

NEW QUESTION 78
Given the following query:
SELECT hostname, cpu_type, cpu_brand, cpu_physical_cores, cpu_logical_cores, cpu_microcode, (1.0 * physical_memory / (1000*1000*1000)) AS physical_mem_gb, hardware_vendor, hardware_model, hardware_version, hardware_serial FROM system_info;
Which statement is correct?

  • A. This query combines data from several different tables.
  • B. This query customizes the results returned by the system.
  • C. This query is missing a filter option.
  • D. This query shows data from the physical_mem_gb column.

Answer: C

 

NEW QUESTION 79
......
