VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.


Questions 111–120 of 195

Q111

What happens when a user dismisses a detected threat alert in Carbon Black?

  • A It is permanently removed
  • B It escalates to an admin
  • C The threat status changes
  • D It can be reviewed later
Explanation: Dismissing does not delete; dismissed alerts can still be reviewed later.

Q112

Which service is responsible for managing threat intelligence in VMware Carbon Black?

  • A Threat Intelligence Cloud
  • B Endpoint Protection Manager
  • C Security Operations Center
  • D Threat Hunting Console
Explanation: Threat Intelligence Cloud aggregates and manages threat intel, while the other options serve different functions.

Q113

A company needs to proactively identify vulnerabilities in their endpoints; which Carbon Black feature should they utilize?

  • A Behavioral Monitoring
  • B Threat Hunting
  • C Vulnerability Management
  • D Policy Management
Explanation: Vulnerability Management specifically identifies endpoint vulnerabilities, unlike the others, which have different purposes.

Q114

What happens when an endpoint goes offline while utilizing VMware Carbon Black's Continuous Monitoring feature?

  • A Immediate removal from the network
  • B Monitoring continues with cached data
  • C Alerts generated for admins
  • D Data loss prevention disabled
Explanation: Monitoring continues with cached data until the endpoint rejoins; the other options describe incorrect responses.

Q115

Which service in VMware Carbon Black provides real-time threat detection?

  • A Endpoint Detection and Response
  • B Threat Intelligence Platform
  • C Cloud Backup Service
  • D Network Security Manager
Explanation: Endpoint Detection and Response offers real-time threat detection, unlike the other options.

Q116

A company needs to isolate a compromised endpoint. Which action should be taken?

  • A Remove from the network immediately
  • B Restrict network access
  • C Monitor it for further activity
  • D Increase its permissions
Explanation: Restricting network access isolates the endpoint without immediate disconnection, which is less disruptive.

Q117

You are configuring a rule set in Carbon Black. What happens if an anti-virus exclusion is improperly set?

  • A No impact on system performance
  • B False negatives may increase
  • C Increased system security risks
  • D Improved threat detection
Explanation: An improper exclusion can lead to false negatives, allowing malware to go undetected.

Q118

Which service in VMware Carbon Black provides real-time threat intelligence?

  • A Threat Intelligence Cloud
  • B Endpoint Detection Service
  • C Security Analytics Tool
  • D Incident Response Hub
Explanation: Threat Intelligence Cloud offers continuous threat updates, while the others do not specialize in this area.

Q119

A company needs to ensure that all endpoint events are recorded. Which settings will help achieve this in Carbon Black EDR?

  • A Disable historical data collection
  • B Set event logging level to 'Detailed'
  • C Limit sensors to specific file types
  • D Schedule weekly data purging
Explanation: Setting event logging to 'Detailed' captures the most thorough event data; the other options would restrict data collection.

Q120

What happens when an endpoint communication is flagged as suspicious in Carbon Black?

  • A Immediate isolation from the network
  • B User receives an alert notification
  • C Event is logged and analyzed later
  • D Automated response procedures can be triggered
Explanation: Automated response can handle the situation; the other options describe possible outcomes, not the immediate action taken by the system.