VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 21–30 of 195

Q21

What happens when a hash of a file is deemed malicious in Carbon Black?

  • A File is automatically deleted
  • B An alert is generated
  • C All similar files are removed
  • D No action is taken
Explanation When a file's hash is flagged, it triggers an alert for security personnel to investigate, but it does not act on files automatically.
Q22

Which service does VMware Carbon Black rely on for incident response data collection?

  • A Data Collection Service
  • B Threat Intelligence Platform
  • C Incident Response Engine
  • D Compliance Monitoring Tool
Explanation The Data Collection Service gathers endpoint incident data for analysis, while others do not serve this primary function.
Q23

A company needs to ensure all endpoints have the latest security policies applied. What should be configured?

  • A Real-time policy update
  • B Historical policy review
  • C Statistical policy analysis
  • D Policy version control
Explanation Real-time policy updates ensure immediate enforcement on all endpoints, unlike the others which do not apply policies directly.
Q24

What happens when a potentially harmful file is quarantined in VMware Carbon Black?

  • A File remains accessible to users
  • B Threat status is downgraded
  • C User receives a notification
  • D File is deleted permanently
Explanation Users receive notifications regarding quarantined files but the file does not remain accessible, nor is it deleted permanently unless specified.
Q25

Which service in VMware Carbon Black is primarily responsible for threat intelligence?

  • A Threat Intelligence Cloud
  • B Behavioral Analytics
  • C Incident Response
  • D File Integrity Monitoring
Explanation Threat Intelligence Cloud aggregates and analyzes threat data, while the other options focus on different protective functions.
Q26

A company needs to prevent unauthorized file modifications; which feature should they configure in Carbon Black?

  • A Watchlist
  • B Malware Protection
  • C File Integrity Monitoring
  • D Endpoint Firewall
Explanation File Integrity Monitoring detects and alerts on unauthorized changes, unlike the other options.
Q27

What happens when you disable process whitelisting in Carbon Black?

  • A All processes are blocked
  • B All processes are allowed
  • C Critical processes stop functioning
  • D Alerts will decrease significantly
Explanation Disabling whitelisting permits all processes, while the other options are misleading or incorrect.
Q28

Which service in VMware Carbon Black handles threat hunting?

  • A ThreatHunter
  • B LiveResponse
  • C Sensor Management
  • D API Access
Explanation ThreatHunter focuses specifically on threat hunting, while others serve different functions.
Q29

A company needs to protect its endpoints on the cloud. Which Carbon Black solution should they implement?

  • A Carbon Black Cloud
  • B Carbon Black Response
  • C Carbon Black Predictive
  • D Carbon Black Fortify
Explanation Carbon Black Cloud provides cloud-native endpoint protection, unlike the other options.
Q30

What happens when a suspicious file is quarantined in Carbon Black?

  • A It is deleted permanently
  • B It is scanned again
  • C It's analyzed by AI algorithms
  • D It is isolated from the system
Explanation Quarantining isolates the file to prevent harm while allowing analysis.