VMware certification 5V0-91.20 real questions have been cracked, which are the best material for you to clear the test. To earn VMware Carbon Black EndPoint Protection 2022 certification, you need to take and pass VMware 5V0-91.20 exam. VMware Carbon Black Portfolio Skills 5V0-91.20 exam validates your knowledge on how to use the capabilities of the products according to the organization’s security posture and organizational policies.
VMware Carbon Black Portfolio Skills 5V0-91.20 exam basic information is a first step for you to study the test.
The following are the details of VMware Carbon Black EndPoint Protection 2022 5V0-91.20 exam topics.
Section 1 - Introduction - There are no testable objectives for this section
Section 2 - VMware Products and Solutions
Section 3 - VMware Carbon Black EDR
Section 4 - VMware Carbon Black Cloud Endpoint Standard
Section 5 - VMware Carbon Black Cloud Enterprise EDR
Section 6 - VMware Carbon Black Cloud Audit and Remediation
VMware 5V0-91.20 real exam questions are the best material for you to study the above VMware Carbon Black Portfolio Skills topics. Share some VMware certification 5V0-91.20 real exam questions below.
1.Which reputation has the highest priority in Cloud Endpoint Standard?
A. Adware/PUP Malware
B. Known Malware
C. Ignore
D. Unknown
Answer: B
2.An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other threat intelligence specialists.How should the administrator add these curated Watchlists from the Watchlists page?
A. Click Add Watchlists, on the Subscribe tab select the desired Watchlists, and click Subscribe.
B. Click Add Watchlists, and input the URL(s) for the desired Watchlists.
C. Click Take Action, and select Subscribe for the desired Watchlists.
D. Click Take Action, select Edit, and select the desired Watchlists.
Answer: B
3.How often do watchlists run?
A. Every 5 minutes
B. Watchlists can be configured to run at scheduled intervals
C. Every 10 minutes
D. Every 30 minutes
Answer: B
4.An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.Which statement correctly explains what disabling the IOC will accomplish?
A. That specific IOC in the report will no longer generate hits or alerts on the device from the alert.
B. The report will no longer generate hits or alerts.
C. That specific IOC in the report will no longer generate hits or alerts.
D. The report will no longer generate hits or alerts on the device from the alert.
Answer: C
5.How is a new Alert of type Event Alert created whenever an endpoint is added or deleted and send emails for the App Control admin whenever these events occur?
A. Add filter in Event Properties for Subtype Computer added and Computer deleted. Add the App Control admin email, and then click Create & Exit.
B. Add filter in Event Properties for Subtype Endpoint added and Endpoint deleted. Click Create and add the App Control admin email, and then click Create & Exit.
C. Add filter in Event Properties for Subtype Computer modified. Add the App Control admin email, and then click Create & Exit.
D. Add filter in Event Properties for Subtype Computer added and Computer deleted. Click Create and add the App Control admin email, and then click Create & Exit.
Answer: C