1. Home
  2. VMware
  3. 5V0-91.20

VMware Carbon Black Portfolio Skills

Exam Details

  • Exam Code
    :5V0-91.20
  • Exam Name
    :VMware Carbon Black Portfolio Skills
  • Certification
    :VMware Certifications
  • Vendor
    :VMware
  • Total Questions
    :116 Q&As
  • Last Updated
    :Mar 27, 2025

VMware VMware Certifications 5V0-91.20 Questions & Answers

  • Question 11:

    A Carbon Black Cloud analyst needs to identify the Internet Explorer extensions installed on Windows endpoints.

    Which Live Query statement will successfully query these items?

    A. SELECT * FROM registry JOIN ie_extensions;

    B. SELECT * FROM registry WHERE ie_extensions;

    C. SELECT * FROM ie_extensions;

    D. SELECT * FROM ie_extensions WHERE enabled=true;

  • Question 12:

    Which statement should be used when constructing queries in Carbon Black Audit and Remediation, Live Query?

    A. ALTER

    B. UPDATE

    C. REMOVE

    D. SELECT

  • Question 13:

    How can an analyst disregard alerts on multiple devices with the least amount of administrative effort?

    A. Select the "Dismiss on all devices" option.

    B. Make a note in the Notes/Tags option.

    C. Search by hash and dismiss.

    D. Turn off the Group Alerts option.

  • Question 14:

    An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of

    cmd.exe.

    Given this Enterprise EDR query:

    process_name:cmd.exe AND device_group:HR AND NOT enriched:true

    Which example could be added to the query to provide the desired results?

    A. NOT process_name:cmd.exe

    B. NOT process_original_filename:cmd.exe

    C. NOT process_company_name:cmd.exe

    D. NOT process_internal_name:cmd.exe

  • Question 15:

    What occurs when an administrator selects "Enable private logging level" in Sensor Settings under Policy?

    A. Delay execute for cloud scan is disabled.

    B. Script Files that have unknown reputations are not uploaded.

    C. Live Response is disabled.

    D. Domain names are obfuscated.

  • Question 16:

    What does the Aggressive setting do when configured in Local Scan Settings?

    A. It adds a temporary reputation.

    B. It scans all files on execution.

    C. It scans new files on first execution.

    D. It enables signature updates for the scanner.

  • Question 17:

    An administrator runs the following query in Audit and Remediation:

    SELECT *

    FROM users

    WHERE UID >= 500;

    How long will this query stay active and accept data from the sensors?

    A. 14 days

    B. 30 days

    C. 7 days

    D. 1 day

  • Question 18:

    An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:

    Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.

    Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?

    A. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the coud reputation.

    B. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.

    C. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.

    D. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.

  • Question 19:

    What are three ways to ignore a feed report within the EDR user interface? (Choose three.)

    A. Threat Reports Details page

    B. Threat Intelligence Feeds page

    C. Investigations page

    D. Search Threat Reports page

    E. Alert Dashboard page

    F. After marking a feed alert as a false positive

  • Question 20:

    Level 3 service desk personnel have been approved to modify computer enforcement levels by security

    governance.

    Which set of steps is required to implement this change?

    A. Assign permission "Temporary assign computers" to each user.

    B. Create new user role, assign permission "Manage computers" to role.

    C. Create new user role, map AD group to role, assign permission "Manage computers" to role.

    D. Create new user role, map AD group to role, assign permission "Temporary assign computers" to role.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only VMware exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 5V0-91.20 exam preparations and VMware certification application, do not hesitate to visit our Vcedump.com to find your solutions here.