VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 41–50 of 195

Q41

A company needs to ensure minimal impact on user experience during endpoint security scans; what configuration should they prioritize?

  • A Full scans only
  • B Scheduled scans during off-peak hours
  • C Constant background scanning
  • D Disabling all scans
Explanation Scheduled scans during off-peak hours minimizes user disruption, unlike constant scanning or no scans.
Q42

What happens when an endpoint fails to report back to the VMware Carbon Black server?

  • A It is immediately quarantined.
  • B Alerts are generated for missed data.
  • C The endpoint is labeled as compromised.
  • D Data becomes permanently inaccessible.
Explanation Alerts help monitor endpoint status; quarantine or label actions occur under specific threat conditions.
Q43

Which service is primarily responsible for endpoint visibility in VMware Carbon Black EDR?

  • A Endpoint Data Collection
  • B Real-Time Response
  • C Threat Intelligence
  • D Security Policy Management
Explanation Endpoint Data Collection captures and sends endpoint data for visibility, while others serve different functions.
Q44

A company needs to ensure that only specific applications run on their endpoints. Which feature should they implement?

  • A File Integrity Monitoring
  • B Application Control
  • C Incident Response
  • D Behavior Monitoring
Explanation Application Control restricts executable applications, while the others focus on monitoring or responding to incidents.
Q45

What happens when you enable "Prevent Uninstall" on the Carbon Black agent?

  • A User can uninstall intentionally
  • B Agent cannot be stopped or removed
  • C Application updates are blocked
  • D Users can disable this feature easily
Explanation Enabling "Prevent Uninstall" protects the agent from being uninstalled, unlike the other scenarios.
Q46

Which service in Carbon Black EDR provides real-time threat intelligence?

  • A Threat Intelligence Cloud
  • B Incident Response Platform
  • C Response Management Console
  • D File Integrity Monitoring
Explanation Threat Intelligence Cloud offers real-time data for threat detection, while the others serve different functions.
Q47

A company needs to enforce application allowlisting across its endpoints. Which feature should they configure?

  • A Malicious Behavior Detection
  • B Application Control Policies
  • C Dynamic Query Processor
  • D File Hashing Mechanism
Explanation Application Control Policies specifically manage application allowlisting, unlike the other features.
Q48

What happens when a new endpoint connects to the Carbon Black platform?

  • A It bypasses all security checks.
  • B It automatically gets quarantined.
  • C It starts sending telemetry data.
  • D It is ignored until manually approved.
Explanation New endpoints immediately begin sending telemetry data for analysis; others are incorrect scenarios.
Q49

Which service provides real-time data inspection in Carbon Black?

  • A Data forensics
  • B Threat intelligence
  • C Behavioral analysis
  • D Endpoint threat detection
Explanation Endpoint threat detection utilizes real-time data inspection to monitor threats, while the others serve different functions.
Q50

A company needs to ensure compliance with data privacy regulations. What feature should they use in Carbon Black?

  • A Device Control
  • B Incident Response
  • C Data Loss Prevention
  • D Managed Detection
Explanation Data Loss Prevention helps in compliance by preventing unauthorized data access, whereas the other options focus on varying aspects of threat management.