VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

Questions 171–180 of 195

Q171

What happens when a detected threat is quarantined in Carbon Black?

  • A The threat is deleted immediately
  • B User cannot access the affected file
  • C The file is restored automatically
  • D System performance is improved
Explanation Quarantining a threat restricts user access to high-risk items, while the other options misrepresent the function of quarantine.

Q172

Which service provides advanced threat detection in VMware Carbon Black?

  • A Threat Intelligence
  • B Data Protection
  • C Network Configuration
  • D User Management
Explanation Threat Intelligence offers insights into advanced threats, while the others do not address threat detection directly.

Q173

A company needs to manage endpoint security policies efficiently. Which VMware Carbon Black feature should they utilize?

  • A Policy Management
  • B Incident Response
  • C Cloud Backup
  • D User Training
Explanation Policy Management enables the efficient configuration of security policies for endpoints, unlike the other options.

Q174

You are configuring an endpoint detection rule. What happens when the 'Observe' action is set for a suspicious process?

  • A System is isolated immediately
  • B No action taken beyond monitoring
  • C Alerts are sent to admins
  • D Process is terminated
Explanation 'Observe' allows monitoring without active intervention; other actions imply immediate responses.

Q175

Which service helps prevent unauthorized application execution in VMware Carbon Black?

  • A Application Control
  • B Threat Intelligence
  • C Incident Response
  • D Logging and Monitoring
Explanation Application Control specifically restricts unauthorized applications, while the others focus on different aspects.

Q176

You are configuring a policy in Carbon Black. What setting determines how long to retain event logs?

  • A Retention period
  • B Log expiry
  • C Data lifecycle
  • D Event archiving
Explanation Retention period directly specifies the duration for event log storage.

Q177

What happens when a device fails to report to the Carbon Black server within the defined heartbeat interval?

  • A Device is permanently disconnected
  • B Alert triggered for administrator
  • C Logging continues without alert
  • D Device automatically reboots
Explanation Failure to report within the heartbeat interval triggers an alert, while the other options are not accurate responses to the situation.

Q178

Which service does VMware Carbon Black use for threat intelligence?

  • A Cloud Threat Library
  • B On-Premise Analyzer
  • C Local Intelligence Repository
  • D API-Based Threat Index
Explanation The Cloud Threat Library aggregates threat intelligence from multiple sources, while other options are either local or not used for this purpose.

Q179

A company needs to deploy VMware Carbon Black across multiple platforms. What should they focus on first?

  • A User interface customization
  • B Compatibility with operating systems
  • C Maximizing storage on endpoints
  • D Developing incident response plans
Explanation Ensuring compatibility with operating systems is essential before deployment.

Q180

What happens when you set a high sensitivity level for a threat alert in Carbon Black?

  • A Fewer alerts generated
  • B Increased performance overhead
  • C Only critical threats reported
  • D More events deemed safe
Explanation Higher sensitivity increases detection but can lead to performance overhead due to more frequent scans.