1. Home
  2. VMware
  3. 5V0-91.20

VMware Carbon Black Portfolio Skills

Exam Details

  • Exam Code
    :5V0-91.20
  • Exam Name
    :VMware Carbon Black Portfolio Skills
  • Certification
    :VMware Certifications
  • Vendor
    :VMware
  • Total Questions
    :116 Q&As
  • Last Updated
    :Mar 27, 2025

VMware VMware Certifications 5V0-91.20 Questions & Answers

  • Question 81:

    When executing a program in App Control, the notification message informs the user that the file is not approved with an option to request approval.

    Which Enforcement level is currently enacted?

    A. High

    B. Low

    C. Medium

    D. Default

  • Question 82:

    A Carbon Black administrator received an alert for an untrusted hash executing in the environment. Which two information items are found in the alert pane? (Choose two.)

    A. Launch Live Query

    B. Launch process analysis

    C. User quarantine

    D. Add hash to banned list

    E. IOC short name

  • Question 83:

    An administrator wants to find instances where the binary Is unsigned. Which term will accomplish this search?

    A. NOT process_publisher:FILE_SIGNATURE_STATE_SIGNED

    B. NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED

    C. process_publisher_state:FILE_SIGNATURE_STATE_NOT_SIGNED

    D. process_publisher:FILE_SIGNATURE_STATE_NOT_SIGNED

  • Question 84:

    An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.

    What is known about the alert based on this TTP even if other parts of the alert are unknown?

    A. A process attempted to delete encrypted data on the disk.

    B. A process attempted to write a file to the disk.

    C. A process attempted to modify a monitored file written by the sensor.

    D. A process attempted to transfer encrypted data on the disk over the network.

  • Question 85:

    An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool.

    Which other trust mechanism could the organization configure for large-scale approval of these files?

    A. Windows Update

    B. Trusted Distributor

    C. Local Approval Mode

    D. Rapid Config

  • Question 86:

    What is the meaning, if any, of the event Report write (removable media)?

    A. This event would never occur. App Control does not report activity on removable media.

    B. A Policy's device control setting `Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.

    C. A Policy's device control setting `Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.

    D. A Policy's device control setting `Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.

  • Question 87:

    Which statement is true when searching through the EDR server UI?

    A. The backslash \ is the character to escape characters.

    B. Whitespaces between search terms imply the OR operator.

    C. The percent symbol % is the character to represent a wildcard.

    D. The exclamation point ! is the character to represent negation.

  • Question 88:

    A process wrote an executable file as detailed in the following event:

    Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?

    A. Trusted Path

    B. File Creation Control

    C. Advances (Write-Ignore)

    D. Trusted Publisher

  • Question 89:

    An Endpoint Standard analyst runs the query in the graphic below:

    Which three statements are true from the results shown? (Choose three.)

    A. The process is a PowerShell process running a script with a .ps1 extension.

    B. The process has a threat score greater than 4.

    C. The process made a network connection to another system.

    D. The process had a NOT_LISTED reputation at the time the event occurred.

    E. The process was run under the NT_AUTHORITY\SYSTEM user context.

    F. The process was able to inject code into another process.

  • Question 90:

    A process has created a number of interesting (executable) files in one sequence.

    In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?

    A. File Upload Completed

    B. New File Discovered on Startup

    C. File Group Created

    D. File Properties Modified

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only VMware exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 5V0-91.20 exam preparations and VMware certification application, do not hesitate to visit our Vcedump.com to find your solutions here.