VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

195 questions 0 views Free
Start Mock Test Timed · Full-length · Scored

Questions 51–60 of 195

Q51

What happens when policy conflicts occur in Carbon Black?

  • A First policy takes precedence
  • B All policies are ignored
  • C Users are notified immediately
  • D Conflict is logged and reviewed
Explanation In policy conflicts, the first defined policy is prioritized, whereas the others do not accurately describe the system behavior.
Q52

Which service provides advanced threat detection in VMware Carbon Black?

  • A Behavioral Threat Analysis
  • B Basic Monitoring
  • C Endpoint Backup
  • D Network Latency Monitoring
Explanation Behavioral Threat Analysis identifies anomalies indicative of threats; the others do not provide threat detection capabilities.
Q53

A company needs to protect sensitive data on endpoints; which feature should they implement?

  • A Device Control
  • B Virtualization
  • C Browser History Monitoring
  • D File Deletion
Explanation Device Control restricts device access, securing sensitive data, while the other options do not provide direct data protection.
Q54

What happens when you enable live response in Carbon Black?

  • A Improves network speed
  • B Allows remote investigations
  • C Installs updates automatically
  • D Backups the endpoint data
Explanation Enabling live response allows administrators to perform immediate investigations and actions; the other options are unrelated to live response functionality.
Q55

Which service plays a critical role in detecting behavioral anomalies on endpoints?

  • A Threat Intelligence
  • B Endpoint Detection and Response
  • C Log Analysis
  • D Network Security Monitoring
Explanation EDR monitors endpoint behavior for anomalies, while others focus on different aspects.
Q56

A company needs to quickly respond to a suspected malware infection. Which approach is best?

  • A Isolate infected systems and restore from backup
  • B Run antivirus scans on all devices
  • C Reboot the affected systems
  • D Ignore and monitor for changes
Explanation Isolating affected systems prevents further spread, unlike the other reactive options.
Q57

What happens when you misconfigure the Carbon Black sensor's policy to aggressively whitelist applications?

  • A Increased system security vigilance
  • B Legitimate applications blocked from execution
  • C Malicious software execution may increase
  • D False positives will dramatically reduce
Explanation An aggressive whitelist may allow malware to run unchecked, while the others are incorrect effects.
Q58

Which service in VMware Carbon Black provides threat intelligence integration?

  • A Intelligence
  • B Response
  • C Prevention
  • D Containment
Explanation The Intelligence service aggregates and integrates threat data; the others focus on different aspects of EDR.
Q59

A company needs to ensure their endpoints are not running outdated software. What feature in VMware Carbon Black can help?

  • A Application Control
  • B Threat Hunting
  • C Incident Response
  • D Malware Detection
Explanation Application Control blocks unapproved software; the others do not enforce application versions.
Q60

You are configuring sensor deployment settings. What does the 'Deployment Timeout' parameter control?

  • A Period for sensor connection retries
  • B Max time for incident reports
  • C Threshold for data retention
  • D Duration for system scans
Explanation Deployment Timeout refers to retries; other options pertain to different aspects of operations.