VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

Questions 121–130 of 195

Q121

Which Carbon Black service primarily focuses on forensic investigation?

  • A CB Response
  • B CB Protect
  • C CB Cloud
  • D CB ThreatHunter
Explanation: CB Response is designed for detailed forensic analysis, while others focus on prevention or threat hunting.
Q122

A company needs to isolate a compromised endpoint from the network. What should they do?

  • A Quarantine the endpoint
  • B Remove the endpoint from the network
  • C Deploy a VM snapshot
  • D Reinstall the operating system
Explanation: Quarantining prevents further communication without losing data, unlike the other options.
Q123

What happens when you disable Carbon Black's threat detection policies?

  • A No threats will be detected
  • B All logs will be deleted
  • C Endpoints cannot be managed
  • D Performance improves immediately
Explanation: Disabling detection policies stops threat identification, while other options are inaccurate interpretations.
Q124

Which service in VMware Carbon Black provides threat intelligence for behaviors?

  • A Behavioral EDR
  • B Cloud Authentication
  • C Network Forensics
  • D Enterprise Management
Explanation: Behavioral EDR focuses on monitoring and analyzing threat behaviors, while the others serve different purposes.
Q125

A company needs to analyze incident data from the previous quarter. What feature should they use in VMware Carbon Black?

  • A Threat Extraction
  • B Search Functionality
  • C Incident Response Plan
  • D Device Inventory
Explanation: The search functionality enables analyzing incident data effectively over specified periods, unlike the other options.
Q126

You are configuring the alert threshold in VMware Carbon Black. What happens when the threshold is set too low?

  • A More relevant alerts generated
  • B Fewer false positives reported
  • C Increased alert fatigue for staff
  • D Decreased security awareness
Explanation: Setting a threshold too low creates excessive alerts leading to fatigue, while the other options reflect incorrect outcomes.
Q127

What service in VMware Carbon Black enables the collection of threat intelligence feeds?

  • A Threat Intelligence Service
  • B Event Monitoring
  • C Incident Response
  • D Data Recovery
Explanation: The Threat Intelligence Service integrates external feeds for enhanced detection, while others focus on different functionalities.
Q128

A company needs to apply a policy to all endpoints, but exclude endpoints with a specific application. Which policy setting should be used?

  • A Exclude rule
  • B Inclusion rule
  • C Override policy
  • D Global policy
Explanation: Using an Exclude rule effectively applies a policy while exempting specified endpoints, whereas other options do not meet exclusion criteria.
Q129

You are configuring alerts in VMware Carbon Black to optimize for response time. Which setting should you prioritize?

  • A Alert criticality levels
  • B Email notification settings
  • C System performance metrics
  • D Policy enforcement settings
Explanation: Prioritizing alert criticality levels ensures quick responses to significant threats, while other settings focus on different aspects.
Q130

Which service provides proactive threat hunting capabilities in Carbon Black?

  • A CB ThreatHunter
  • B CB Protection
  • C CB Defense
  • D CB Cloud
Explanation: CB ThreatHunter is designed for proactive threat hunting, while the others focus on reactive measures.