VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

Questions 61–70 of 195

Q61

Which service allows integration with third-party threat intelligence feeds in VMware Carbon Black?

  • A Threat Intelligence Management
  • B Incident Response Service
  • C Endpoint Protection Platform
  • D Data Loss Prevention
Explanation Threat Intelligence Management enables integrating external feeds, while others do not specifically focus on this functionality.
Q62

You are configuring alerts for your organization. What happens when an alert triggers due to a detected suspicious file?

  • A No notification is sent.
  • B A full system scan is initiated.
  • C An investigation ticket is created.
  • D All user sessions are terminated.
Explanation An investigation ticket is created to manage the response to the alert, whereas other options do not occur automatically.
Q63

A company needs to ensure no unauthorized processes run during a security incident. Which feature should they enable?

  • A Process Control
  • B Real-time Response
  • C Threat Scoring
  • D Exploit Prevention
Explanation Process Control restricts and manages processes; the other options address different security aspects.
Q64

Which service in VMware Carbon Black enables threat hunting and investigation across endpoints?

  • A ThreatHunter
  • B Response Management
  • C Cloud Configuration
  • D Endpoint Visibility
Explanation ThreatHunter is specifically designed for threat hunting; others focus on different functionalities.
Q65

A company needs to ensure that unapproved applications are not running on endpoints. Which policy should they implement?

  • A Application Control Policy
  • B Device Control Policy
  • C User Behavior Policy
  • D Network Traffic Policy
Explanation Application Control Policy prevents unapproved software; others do not specifically target applications.
Q66

You are configuring an alert for suspicious login attempts on a workstation. What happens when the threshold is exceeded?

  • A Alert is triggered
  • B User is automatically logged out
  • C Endpoint is isolated
  • D No action occurs
Explanation An alert is triggered when the login threshold is exceeded; other options are not typical responses.
Q67

Which service in VMware Carbon Black is responsible for alerting on suspicious activities?

  • A Alerting and Response
  • B Threat Intelligence
  • C Incident Management
  • D Data Retention
Explanation Alerting and Response monitors and identifies suspicious activities, while others serve different roles.
Q68

A company needs to ensure that all endpoints are continuously monitored for threats. Which configuration approach should be implemented?

  • A Scheduled scans only
  • B Real-time monitoring
  • C Weekly reports
  • D Monthly backups
Explanation Real-time monitoring provides continuous threat detection, while others do not.
Q69

What happens when a Carbon Black policy is set to 'NEVER' for a rule?

  • A The rule will always be enforced
  • B The rule becomes inactive
  • C The rule is deleted
  • D The rule raises alerts only
Explanation Setting a rule to 'NEVER' makes it inactive, preventing enforcement.
Q70

Which service in VMware Carbon Black EDR helps in real-time monitoring of endpoint activities?

  • A Sensor
  • B Client
  • C Server
  • D Watchlist
Explanation The Sensor continuously monitors endpoint activity, while the Client and Server refer to application components.