VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.


Questions 161–170 of 195

Q161

A company needs to investigate suspicious activity on endpoints. What should be the first step using VMware Carbon Black?

  • A Analyze the audit logs
  • B Create a watchlist
  • C Run a full system scan
  • D Review threat dashboards
Explanation: Analyzing audit logs provides critical insights into suspicious activities.

Q162

You are configuring the sensor settings for endpoints in VMware Carbon Black. What happens if you disable the 'block' action?

  • A Endpoints will be unmonitored
  • B Malicious files will not be blocked
  • C Threat alerts will stop
  • D Performance will be improved
Explanation: Disabling the 'block' action allows malicious files to run unabated; the other options misstate the impact of this setting.

Q163

Which service in VMware Carbon Black provides threat intelligence data?

  • A Threat Intelligence
  • B File Integrity Monitoring
  • C Incident Response
  • D Security Operations
Explanation: Threat Intelligence offers comprehensive threat data, while others serve different security functions.

Q164

A company needs to mitigate the impact of ransomware attacks. Which feature should they enable in Carbon Black?

  • A Behavioral Detection
  • B File Encryption
  • C Network Segmentation
  • D User Training
Explanation: Behavioral Detection identifies ransomware patterns, unlike the other options, which serve different purposes.

Q165

You are configuring application control policies in Carbon Black. What happens when an application is on the Allow List?

  • A It may be automatically blocked.
  • B It can never be executed.
  • C It runs without restrictions.
  • D It is monitored only.
Explanation: Applications on the Allow List run without restrictions, while others are not allowed to run.

Q166

Which service does VMware Carbon Black primarily use for threat intelligence?

  • A Threat Analysis Cloud
  • B Carbon Black Standard
  • C Endpoint Protection Cloud
  • D Security Operations Center
Explanation: Threat Analysis Cloud provides comprehensive threat intelligence, while the others are related but do not primarily focus on threat intelligence.

Q167

A company needs to block traffic originating from a specific geographic region. What feature in Carbon Black can accomplish this?

  • A Threat Detection Rules
  • B Geo-Blocking Policies
  • C Event Forwarding
  • D Sensor Configuration
Explanation: Geo-Blocking Policies specifically target and restrict traffic from defined locations, whereas the other options focus on different functionalities.

Q168

You are configuring a Carbon Black sensor to operate in kernel mode. What happens when you enable this mode?

  • A Higher resource consumption
  • B Increased detection capabilities
  • C Disables file system monitoring
  • D Prevents application whitelisting
Explanation: Kernel mode allows deeper integration for improved detection, while the others either state incorrect outcomes or are unrelated to kernel mode functionality.

Q169

Which service of VMware Carbon Black provides advanced threat hunting capabilities?

  • A Threat Analysis
  • B CB ThreatHunter
  • C Incident Response
  • D Forensic Analysis
Explanation: CB ThreatHunter offers powerful tools for advanced threat hunting, while the others do not focus specifically on this functionality.

Q170

A company needs to enable secure remote access for employees using VMware Carbon Black. What should they configure?

  • A Device Control
  • B VPN Integration
  • C Application Control
  • D Alert Settings
Explanation: VPN Integration is essential for secure remote access, unlike the other options, which serve different purposes.