VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.


Questions 1–10 of 195

Q1

Which service provides the threat intelligence framework in VMware Carbon Black?

  • A Threat Intelligence Service
  • B Behavioral Analysis Engine
  • C Managed Detection Service
  • D Endpoint Protection Service

Explanation: The Threat Intelligence Service is integrated into VMware Carbon Black to provide real-time threat intelligence, while the others focus on different aspects of endpoint protection or detection.

Q2

A company needs to ensure continuous visibility into suspicious processes. Which VMware Carbon Black feature should they enable?

  • A Live Query
  • B Event Monitoring
  • C Incident Response
  • D Task Scheduling

Explanation: Live Query allows real-time checks on suspicious processes, while the other options are related to event management and response operations.

Q3

You are configuring rules for preventing malware execution. What happens when a 'blocking' rule is triggered in Carbon Black?

  • A Malware is quarantined immediately
  • B Execution is blocked based on the rule
  • C User is notified instantly
  • D Event is logged for review

Explanation: When a 'blocking' rule triggers, the execution of the flagged process is stopped immediately, unlike the other options, which describe different actions outside the scope of blocking rules.

Q4

Which service in VMware Carbon Black is responsible for continuous monitoring and threat detection?

  • A Endpoint Detection and Response (EDR)
  • B Cloud Security Posture Management
  • C Network Security Analysis
  • D Data Loss Prevention

Explanation: EDR is designed specifically for monitoring and detecting threats on endpoints; the others serve different purposes.

Q5

A company needs to ensure that all endpoints are compliant with preset security policies. What should they configure in Carbon Black?

  • A Policy Monitoring
  • B Threat Intelligence Alerts
  • C Endpoint Isolation
  • D Malware Isolation

Explanation: Policy Monitoring enables compliance with security policies; the others do not directly enforce policy adherence.

Q6

What happens when a previously whitelisted file has its status changed to blacklisted in Carbon Black?

  • A It is automatically deleted from endpoints.
  • B Endpoints will block the execution.
  • C Users will receive a notification only.
  • D No action is taken on it.

Explanation: Changing a file to blacklisted status blocks execution on endpoints; the other options do not reflect correct actions taken.

Q7

Which service can integrate with VMware Carbon Black EDR for enhanced endpoint visibility?

  • A VMware vSphere
  • B Tanzu Kubernetes
  • C Carbon Black App Control
  • D VMware Cloud Director

Explanation: Carbon Black App Control specifically complements EDR features, enhancing endpoint visibility and management.

Q8

A company needs to ensure its endpoint policies apply to new devices automatically. Which feature should they use?

  • A Static Policies
  • B Dynamic Rules
  • C Policy Templates
  • D User Group Policies

Explanation: Dynamic Rules automatically apply to new devices based on specific criteria, ensuring real-time policy enforcement.

Q9

What happens when a Windows endpoint is quarantined in VMware Carbon Black EDR?

  • A It deletes all malware instantly
  • B It isolates the device from network
  • C It adds it to another group
  • D It loses all configurations instantly

Explanation: Quarantining isolates the device from the network to prevent further threats while allowing investigation and resolution.

Q10

Which service in VMware Carbon Black is responsible for real-time monitoring?

  • A Continuous Monitoring
  • B Static Analysis
  • C Threat Intelligence
  • D Incident Response

Explanation: Continuous Monitoring provides real-time endpoint data; the others focus on different operational aspects.