Given the following query:
SELECT hostname, cpu_type, cpu_brand, cpu_physical_cores, cpu_logical_cores, cpu_microcode, (1.0 * physical_memory / (1000*1000*1000)) AS physical_mem_gb, hardware_vendor, hardware_model, hardware_version, hardware_serial FROM system_info;
Which statement is correct?
A. This query combines data from several different tables.
B. This query customizes the results returned by the system.
C. This query is missing a filter option.
D. This query shows data from the physical_mem_gb column.
Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
A. Quarantined
B. Deregistered
C. Inactive
D. Bypass
A process is writing numerous interesting files that never actually execute.
Which rule type can the administrator define that will prevent reporting these file creations?
A. Performance Optimization
B. File Creation Control (Suppress)
C. Expert (Tag Process, Terminate Process)
D. Execute Ignore
After an emergency, what does the Restore computer button do on the App Control Home page?
A. Move all computers to the original Enforcement level
B. Move all computers to High Enforcement level
C. Move all computers to Low Enforcement level
D. Move all computers to Medium Enforcement level
An administrator is creating a query per policy for Audit and Remediation. The administrator ran several recommended queries already but notices they are unable to run the same recommended query for one of their policies. The run button is grayed out.
Which statement correctly explains why the run button is unavailable?
A. The sensors in the policy do not support the table or query.
B. The administrator needs the use live query permission.
C. The number of consecutive running queries is limited.
D. The query or table is not supported within osquery.
There is a need to ignore all activity at an application path. Which rule definition should be used to address this need?
A. Application at Path, Performs any operation, Bypass
B. Application at Path, Runs or is Running, Bypass
C. Application at Path, Runs or is Running, Allow and Log
D. Application at Path, Performs any operation, Allow and Log
Which identifier is shared by all events when an alert is investigated?
A. Process ID
B. Event ID
C. Priority Score
D. Alert ID
Examine the following EDR query:
file_desc:"Windows Command Processor" AND -process_name:cmd.exe
Which process will show in the query results?
A. Any process named something other than cmd.exe with the file description of "Windows Command Processor"
B. Any process with the binary file description "Windows Command Processor"
C. Any process with the binary file description "Windows Command Processor" named cmd.exe
D. Any process named cmd.exe
An Enterprise EDR administrator is reviewing the Investigate page and believes they are receiving false positive hits from a specific watchlist.
Which three options reduce future false positive hits from this watchlist? (Choose three.)
A. Disable/remove the IOC associated with the false positives.
B. Disable/remove the report associated with the false positives.
C. Dismiss the watchlist hit.
D. Select edit watchlist and uncheck alert on hits.
E. Modify policy rules to exclude the false positive directory.
F. Disable the watchlist associated with the false positives.
Which statement is true about Carbon Black Live Response (CBLR)?
A. CBLR sessions do not need to wait for the next sensor check-in.
B. CBLR is disabled by default.
C. CBLR is only available on Windows Endpoints.
D. CBLR cannot be accessed through the API.