VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

Questions 11–20 of 195

Q11

A company needs to customize event reporting in Carbon Black. What should they configure first?

  • A Alerts Configuration
  • B Sensor Policies
  • C Data Retention Settings
  • D Report Templates
Explanation: Configuring Report Templates allows customization of reports; the other options do not directly create reports.

Q12

What happens when an endpoint reaches its maximum allowed storage for Carbon Black logs?

  • A Old logs are deleted automatically
  • B Logging stops until space is freed
  • C System generates an alert only
  • D New logs overwrite recent logs
Explanation: Carbon Black deletes old logs automatically to manage storage; logging stopping is not the default behavior.

Q13

Which service in VMware Carbon Black provides real-time visibility into endpoint behavior?

  • A Endpoint Detection and Response
  • B Cloud Config Management
  • C User Behavior Analytics
  • D Network Traffic Analysis
Explanation: Endpoint Detection and Response (EDR) offers real-time monitoring of endpoints; the other options are not primary functions of VMware Carbon Black.

Q14

A company needs to reduce the threat of ransomware. What feature should they enable in Carbon Black?

  • A Application Control
  • B Detective Sensor
  • C Task Kill Action
  • D File Integrity Monitoring
Explanation: Application Control can prevent unauthorized applications, including ransomware, while the other features do not specifically mitigate ransomware threats.

Q15

What happens when a sensor fails to report status in Carbon Black?

  • A The endpoint is quarantined
  • B No alerts are generated
  • C Threat hunting is disabled
  • D Alert on potential problems raised
Explanation: The system will generate alerts for missing status reports, while the other options are incorrect as they misrepresent the system's behavior.

Q16

Which service in VMware Carbon Black EDR is responsible for data collection and analysis from endpoints?

  • A Data Service
  • B Response Service
  • C Detection Service
  • D Collection Service
Explanation: Data Service collects and analyzes endpoint data; others do not specifically relate to data ingestion.

Q17

A company needs to filter out untrusted applications during threat detection. What feature should they use?

  • A Application Control
  • B Threat Intelligence
  • C Behavioral Monitoring
  • D Endpoint Isolation
Explanation: Application Control restricts untrusted applications; others have different functions.

Q18

What happens when you enable prevention mode for an endpoint in VMware Carbon Black EDR?

  • A Only alerts are triggered
  • B Threats are automatically blocked
  • C Data collection stops
  • D User gets logged out
Explanation: Prevention mode actively blocks threats; other options do not accurately reflect its function.

Q19

Which service allows VMware Carbon Black to store and manage detection data?

  • A Cloud storage service
  • B Local database service
  • C Hybrid cloud solution
  • D On-premises sensor storage
Explanation: The cloud storage service centralizes detection data for enhanced analysis; local and on-premises options limit accessibility.

Q20

A company needs to prevent data exfiltration through USB devices. Which feature of Carbon Black would best meet this requirement?

  • A Device control policy
  • B Behavioral analysis
  • C Endpoint lockdown
  • D Web filtering
Explanation: Device control policies specifically manage USB access, while other options do not directly address physical device usage.