VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

Questions 101–110 of 195

Q101

A company needs to isolate a compromised endpoint immediately. What action must they take?

  • A Enable containment mode
  • B Update the policy settings
  • C Run a full system scan
  • D Delete the machine from the console
Explanation: Enabling containment mode isolates the threatened endpoint immediately, while other options do not provide instant isolation.

Q102

What happens when an endpoint exceeds the configured limits for CPU usage in a Carbon Black policy?

  • A It triggers an alert only
  • B It automatically quarantines the endpoint
  • C It triggers a configurable automated action
  • D It does nothing significant
Explanation: A configurable automated action is executed for CPU limit breaches, while other options do not take immediate corrective actions.

Q103

Which service in VMware Carbon Black helps to alert on potentially unwanted applications?

  • A Threat Intelligence
  • B Application Control
  • C Incident Response
  • D Behavioral Monitoring
Explanation: Application Control specifically targets and manages unwanted applications, unlike the other options.

Q104

A company needs to identify advanced persistent threats (APTs). What feature in VMware Carbon Black should they utilize?

  • A Live Query
  • B Threat Hunting
  • C Sensor Management
  • D Endpoint Isolation
Explanation: Threat Hunting capabilities are designed to reveal APTs and other sophisticated threats, while the others serve different purposes.

Q105

You are configuring a Carbon Black response rule. What is the consequence of setting a rule to "Notify only"?

  • A No action taken on the endpoint
  • B Malicious activity is blocked immediately
  • C Alert generated and logged only
  • D Endpoint quarantined automatically
Explanation: "Notify only" means only alerts are triggered without any direct action on systems.

Q106

Which service allows real-time visibility within Carbon Black?

  • A CB LiveOps
  • B CB Protection
  • C CB Respond
  • D CB Defense
Explanation: CB Respond provides real-time visibility into endpoints; other options serve different purposes.

Q107

A company needs to block execution of unauthorized scripts. What should they configure?

  • A Sensor Features
  • B Custom Policies
  • C Event Forwarding
  • D User Controls
Explanation: Custom Policies can define script execution rules; others do not relate to script blocking.

Q108

What happens when a binary is flagged due to a high risk score in Carbon Black?

  • A It gets deleted automatically.
  • B It is quarantined immediately.
  • C The EDR alerts the admin.
  • D No action is taken.
Explanation: An alert is generated for admin action; no automatic deletion or quarantine occurs.

Q109

Which service in VMware Carbon Black provides automated malware detection?

  • A Malware Analysis
  • B Threat Intelligence
  • C File Integrity Monitoring
  • D Behavioral Monitoring
Explanation: Malware Analysis automatically detects signatures, while others monitor or provide context.

Q110

A company needs to restrict user access in Carbon Black; what should they configure?

  • A Policies
  • B Detection Rules
  • C Incident Response Plans
  • D Data Retention Settings
Explanation: Policies manage user privileges, while others handle detection or data management.