VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 91–100 of 195

Q91

Which service allows for the automation of incident response in VMware Carbon Black?

  • A CB Response
  • B CB Cloud
  • C CB Audit
  • D CB Protect
Explanation CB Response automates incident response actions upon detection, while others focus on prevention or auditing.
Q92

A company needs to restrict user access to sensitive logs in VMware Carbon Black. What should they use?

  • A Role-Based Access Control
  • B Device Control
  • C Audit Logs Management
  • D Real-time Monitoring
Explanation Role-Based Access Control allows customizable access levels, while others do not restrict access.
Q93

You are configuring alerts in VMware Carbon Black. What happens when you set a threshold for an alert to '3'?

  • A Alert triggers after 2 events
  • B Alert triggers after 4 events
  • C Alert triggers after 3 events
  • D Alert never triggers
Explanation Setting the threshold to '3' means an alert triggers after 3 events occur.
Q94

Which service in VMware Carbon Black focuses on threat intelligence aggregation?

  • A ThreatHunter
  • B Cloud Detection
  • C CB LiveOps
  • D CB Threat Intelligence
Explanation CB Threat Intelligence is designed for aggregation of threat data, while the others serve different analysis functions.
Q95

A company needs to prevent data exfiltration on endpoints. Which feature should they implement?

  • A Behavioral analysis
  • B Network control
  • C File integrity monitoring
  • D Image control
Explanation Network control directly helps prevent exfiltration, while the others focus on different security areas.
Q96

What happens when a device fails to communicate with the Carbon Black platform?

  • A It is automatically removed
  • B Data streams are encrypted
  • C It enters a sleep mode
  • D It cannot report security states
Explanation When a device fails to connect, it stops reporting safety status; the others do not accurately describe this behavior.
Q97

Which service in VMware Carbon Black responds to real-time threats?

  • A Real-time Response
  • B Cloud Query
  • C Threat Intelligence
  • D File Integrity Monitoring
Explanation Real-time Response provides immediate action to threats; others focus on data analysis or monitoring.
Q98

A company needs to deploy a new endpoint security measure to protect sensitive data. What is the first step they should take?

  • A Install antivirus software
  • B Configure EDR policies
  • C Perform a network assessment
  • D Identify critical data
Explanation Identifying critical data is foundational before implementing security; the other options are execution steps.
Q99

What happens when the policy severity level is set too high in VMware Carbon Black?

  • A Increased alert notifications
  • B Decreased system performance
  • C Reduced detection accuracy
  • D More automated responses
Explanation High severity leads to more alerts; while it may stress resources, it does not reduce accuracy or performance directly.
Q100

Which service allows continuous monitoring of endpoints?

  • A VMware Carbon Black EDR
  • B VMware vSphere
  • C VMware NSX
  • D VMware Horizon
Explanation Carbon Black EDR provides continuous endpoint monitoring, unlike other services focused on virtualization or application delivery.