VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free

Start Mock Test Timed · Full-length · Scored

You are configuring policies in VMware Carbon Black. Which action can you specify to improve endpoint security?

A User Behavior Analysis
B Data Encryption Settings
C File Integrity Monitoring
D Malware Scanning Frequency

Explanation File Integrity Monitoring specifically detects unauthorized changes, while the others are relevant but do not focus on this aspect.

Q142

Which service is most commonly used for threat intelligence in VMware Carbon Black?

A Threat Insights
B Cloud Security
C Event Management
D Endpoint Protection

Explanation Threat Insights aggregates and analyzes threat data, while the others do not specialize in threat intelligence.

Q143

A company needs to set a compliance policy for their endpoints using VMware Carbon Black. What should they configure to ensure only approved applications run?

A Application Blacklisting
B Integrity Monitoring
C Application Whitelisting
D File Integrity Checking

Explanation Application Whitelisting allows only approved applications, unlike the others which do not specifically enforce approval.

Q144

What happens when an endpoint's security agent is disconnected from the VMware Carbon Black server for 30 days?

A It continues sending logs normally.
B It stops responding to commands instantly.
C It operates in a limited mode.
D It becomes inactive until reconnected.

Explanation The agent operates in a limited mode, allowing for temporary local responses, unlike complete disconnection or inactivity.

Q145

Which service in VMware Carbon Black provides real-time threat detection?

A Event Streaming
B Threat Intelligence
C Sensor Management
D Incident Response

Explanation Threat Intelligence analyzes and correlates threats in real time; others focus on different areas.

Q146

A company needs to secure its endpoints against ransomware. Which feature of VMware Carbon Black is most effective for this?

A Behavioral Detonation
B Cloud Threat Detection
C File Integrity Monitoring
D Malware Remediation

Explanation Behavioral Detonation allows for dynamic analysis of potential ransomware, while others provide unrelated capabilities.

Q147

You are configuring alerts in Carbon Black. What happens when the alert threshold is set too low?

A No alerts will trigger.
B There will be fewer alerts.
C Too many alerts may overwhelm users.
D Only critical alerts will trigger.

Explanation Setting the threshold too low generates excessive alerts, complicating response efforts; the other options misinterpret alert functionality.

Q148

Which service in VMware Carbon Black is responsible for classifying files based on threat intelligence?

A File Reputation Service
B Behavioral Analysis Engine
C Incident Response Manager
D Alert Prioritization Tool

Explanation The File Reputation Service classifies files as known good or known bad using threat intelligence, while the other options provide different functionalities.

Q149

A company needs to ensure their endpoint security is compliant with GDPR regulations. What feature should they prioritize in VMware Carbon Black?

A Real-Time Response
B Automated Remediation
C Data Privacy Configurations
D Vulnerability Scanning

Explanation Data Privacy Configurations focus on compliance with regulations like GDPR, while the other options are important but not specifically related to data privacy.

Q150

You are configuring a detection rule in Carbon Black to monitor unusual behavior. What action should you take to reduce false positives?

A Increase the alert severity
B Add reputation-based whitelisting
C Enable all notifications
D Lower the detection threshold

Explanation Adding reputation-based whitelisting limits alerts to known safe files and actions, whereas the other actions could increase false positives.