VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 31–40 of 195

Q31

Which service in VMware Carbon Black enables policy management?

  • A Policy Management Service
  • B Threat Intelligence Service
  • C Response Management Service
  • D Data Loss Prevention Service
Explanation The Policy Management Service handles creating and managing security policies, while the others serve different functions.
Q32

A security analyst notices unusual process behavior. What should they do first in Carbon Black?

  • A Delete the suspicious process
  • B Query related events
  • C Reboot the endpoint
  • D Ignore the behavior
Explanation Querying related events helps understand the context before taking further action.
Q33

You are configuring a new sensor in Carbon Black. What is a key requirement?

  • A Admin rights on the local machine
  • B No internet connection needed
  • C Third-party antivirus installed
  • D VMware tools must be disabled
Explanation Admin rights are necessary for sensor installation while the other options contradict operational needs.
Q34

Which service is primarily used for threat intelligence in VMware Carbon Black EDR?

  • A Threat Intelligence Cloud
  • B Secure Cloud Service
  • C Data Protection Service
  • D Incident Response Cloud
Explanation Threat Intelligence Cloud offers real-time threat data; the others focus on different services.
Q35

A company needs to conduct a post-incident review; what feature in VMware Carbon Black should they use?

  • A Incident Timeline
  • B Live Response
  • C Sensor Update History
  • D Network Analytics
Explanation Incident Timeline provides detailed insights for reviews; others do not focus on post-incident data.
Q36

What happens when a sensor goes offline in VMware Carbon Black EDR?

  • A Data stops recording
  • B Alerts stop being generated
  • C Stored data becomes inaccessible
  • D It continues local recording until reconnects
Explanation Sensors continue local data recording until they reconnect; the other options misrepresent sensor behavior.
Q37

Which service in VMware Carbon Black enhances incident response capabilities?

  • A Threat Intelligence
  • B Device Compliance
  • C Application Control
  • D User Activity Logging
Explanation Threat Intelligence provides necessary data to enhance incident response.
Q38

A company needs to implement EDR solutions; which feature is critical?

  • A Backup Configuration
  • B Real-time Monitoring
  • C User Permission Management
  • D Network Load Balancing
Explanation Real-time Monitoring is essential for effective EDR.
Q39

What happens when you enable 'Containment' on a detected threat?

  • A Threat is deleted immediately
  • B Threat is isolated from the network
  • C Threat is archived for review
  • D Threat is ignored
Explanation Containment isolates the threat, preventing further damage.
Q40

Which service in VMware Carbon Black provides real-time visibility into endpoint activity?

  • A Threat Intelligence
  • B Threat Hunting
  • C Live Query
  • D Event Forwarding
Explanation Live Query allows real-time insights, while others focus on analysis or forward data.