VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 191–195 of 195

Q191

A company needs to quickly isolate a compromised endpoint. What feature should they use in Carbon Black?

  • A Quarantine
  • B Application Control
  • C Network Isolation
  • D Operational Visibility
Explanation Quarantine effectively isolates compromised devices; the others do not serve the purpose of isolation.
Q192

What happens when a Carbon Black policy is set to 'Block' for a specific process?

  • A Process is prevented from executing
  • B Process automatically updates itself
  • C Process receives enhanced monitoring
  • D Process runs without restrictions
Explanation Setting to 'Block' prevents execution; the other options suggest no restrictions or monitoring.
Q193

Which service in VMware Carbon Black provides real-time incident response capabilities?

  • A Carbon Black EDR
  • B Carbon Black Cloud
  • C Carbon Black Response
  • D Carbon Black Agent
Explanation Carbon Black EDR is designed specifically for real-time incident response, while others serve different functions.
Q194

A company needs to ensure only authorized applications run on endpoints. Which feature should they configure?

  • A Threat Intelligence
  • B Application Control
  • C Behavioral Detection
  • D File Integrity Monitoring
Explanation Application Control allows management of authorized applications, while others focus on different security aspects.
Q195

What happens when the Carbon Black agent is uninstalled from an endpoint?

  • A Data is instantly deleted
  • B Endpoint immediately becomes vulnerable
  • C All settings revert to defaults
  • D Sensor stops reporting to server
Explanation The sensor stops reporting to the server, leaving the endpoint without monitoring despite possible retained data.