VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.


Questions 181–190 of 195

Q181

Which service provides threat information and intelligence in VMware Carbon Black?

  • A Threat Intelligence Cloud
  • B Carbon Black Endpoint Protection
  • C Incident Response Console
  • D Managed Threat Hunting
Explanation: Threat Intelligence Cloud aggregates and analyzes threat data, unlike the other options, which focus on specific functionalities.
Q182

You are configuring a sensor for a critical production environment. Which setting should you prioritize to reduce false positives?

  • A Memory tampering detection
  • B File integrity checking
  • C Watchlist configuration
  • D Continuous monitoring mode
Explanation: Watchlist configuration allows precision in detection, while the others might increase false alerts.
Q183

What happens when an endpoint is disconnected from the network while using Carbon Black?

  • A It cannot report any logs
  • B It uses local policy changes only
  • C It stops monitoring for threats
  • D It deletes existing data
Explanation: The endpoint continues to operate under local policy until it reconnects, unlike the other options, which inaccurately represent functionality.
Q184

Which service in VMware Carbon Black is responsible for threat intelligence feeds?

  • A CB Threat Intelligence
  • B CB Application Control
  • C CB EDR Monitoring
  • D CB Device Control
Explanation: CB Threat Intelligence provides external cybersecurity data, while the others manage applications or devices.
Q185

A company needs to ensure that sensitive files are only accessible by specific users across all endpoints. Which Carbon Black feature should they implement?

  • A File Integrity Monitoring
  • B Policy Management
  • C User Roles and Permissions
  • D Endpoint Visibility
Explanation: User Roles and Permissions control access, unlike the other options, which don't restrict user access.
Q186

What happens when a file is marked as 'trusted' in Carbon Black?

  • A It is automatically deleted.
  • B It bypasses security controls.
  • C It receives constant monitoring.
  • D It is sent for advanced analysis.
Explanation: Trusted files bypass certain security controls, unlike the monitoring and analysis options.
Q187

Which service in VMware Carbon Black provides real-time visibility of endpoint activity?

  • A Event Monitoring Service
  • B Threat Analysis Service
  • C Endpoint Protection Service
  • D Incident Response Dashboard
Explanation: Event Monitoring Service offers real-time endpoint activity insights; the other options do not specifically address real-time visibility.
Q188

A company needs to reduce false positive alerts in Carbon Black. What should they do?

  • A Lower alert sensitivity settings
  • B Whitelist known good files
  • C Disable all alert notifications
  • D Increase data retention period
Explanation: Whitelisting known good files can significantly reduce false positives, whereas the other options might compromise security or provide no benefit.
Q189

You are configuring a Carbon Black response rule. What happens when a rule is set to auto-remediate?

  • A It logs incidents for review
  • B It automatically blocks the file
  • C It isolates the endpoint immediately
  • D It triggers an external alert
Explanation: Auto-remediation rules automatically block the detected file; the other options do not reflect auto-remediation behavior.
Q190

Which Carbon Black module is used for live response?

  • A Live Response
  • B Threat Hunting
  • C Containment
  • D Remediation
Explanation: Live Response allows real-time actions on endpoints; the other options do not focus on immediate endpoint actions.