An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
A. That specific IOC in the report will no longer generate hits or alerts on the device from the alert.
B. The report will no longer generate hits or alerts on the device from the alert.
C. That specific IOC in the report will no longer generate hits or alerts.
D. The report will no longer generate hits or alerts.
Review the following EDR query:
(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[1 TO *]
Which process would show in the query results?
A. Processes invoked by Powershell.exe and cmd.exe with a single network connection event
B. Processes invoking Powershell.exe and cmd.exe with multiple network connection events
C. Processes invoked by Powershell.exe or cmd.exe with any number of network connection events
D. Processes invoking Powershell.exe or cmd.exe with multiple network connection events
Review the following search:
childproc_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\*
What is this search looking for?
A. Processes being launched by rundll32.exe running out of the windows directory that are not signed
B. Instances of rundll32.exe running out of the windows directory that are not signed
C. Instances of rundll32.exe running out of the windows directory that are signed
D. Processes launching rundll32.exe running out of the windows directory that are not signed
An authorized administrator plans to remove the App Control agent from a computer. Which Enforcement Level must a computer be in before the agent can be uninstalled?
A. Visibility
B. None (Disabled)
C. Any Enforcement Level
D. Low Enforcement
An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.
Once applied, which reputation would these applications be classified under for processing?
A. Trusted White
B. Company White
C. Local White
D. Common White
An administrator is concerned that someone may be using unauthorized commands from cmd.exe. These commands are not considered suspicious or malicious, and there is no policy based around them.
Which page should the administrator use to find these commands?
A. Sensor Management
B. Investigate
C. Policies
D. Alerts
A watchlist generates a false positive on the Triage Alerts page, so the watchlist must be updated. How should this task be accomplished?
A. One can update watchlists directly on the Triage Alerts Page using the pencil icon.
B. One can update watchlists from the Process Search Page.
C. Open the process analysis page and select the Add Watchlist Exclusion option from the Actions menu.
D. Open the Watchlist Page and click the pencil button associated with the watchlist.
An administrator is reviewing an alert about a known and required application in the environment. The application has been given the reputation of PUP, with the alert reason being that a PUP was detected. As a result, this application is matching the policy blocking and isolation rules for PUPs in the environment and is not behaving as expected.
Which step should the administrator take to remediate this situation?
A. Add the file to the Approved List and Dismiss alert
B. Add the file to the Approved List
C. Dismiss the alert
D. Add the file to the Banned List and Delete application
What information does the Alert Details panel provide on the Alert Triage page in Endpoint Standard?
A. Threat ID
B. Process ID
C. Device ID
D. Alert ID
Which two statements are true about Carbon Black alerts? (Choose two.)
A. They can be grouped together.
B. Once received, they can be dismissed in bulk.
C. Once dismissed, the action cannot be undone.
D. Carbon Black does not generate alerts.
E. They are stored for 15 days.
Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only VMware exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 5V0-91.20 exam preparation and VMware certification application, do not hesitate to visit Vcedump.com to find your solutions.