VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.


Questions 71–80 of 195

Q71

A company needs to enforce network segmentation for sensitive workloads. What is the recommended approach in VMware Carbon Black?

  • A Use network policies
  • B Disable all traffic
  • C Set up VPN only
  • D Regularly reboot servers

Explanation: Implementing network policies effectively enforces segmentation, while the other options are insufficient or unrelated.

Q72

What happens when a file is marked as 'malicious' in VMware Carbon Black EDR?

  • A It is automatically deleted
  • B Alerts are generated
  • C No action is taken
  • D File access is encrypted

Explanation: Marking a file as malicious triggers alerts for further investigation; other options are inaccurate.

Q73

Which service in VMware Carbon Black EDR provides automated threat hunting capabilities?

  • A ThreatHunter
  • B EventForwarder
  • C LogInsights
  • D ThreatCheck

Explanation: ThreatHunter is designed for automated threat hunting, while the others serve different functions.

Q74

A company needs to ensure all agents are managed from a single console. Which Carbon Black solution should they implement?

  • A Carbon Black Cloud
  • B CB Response
  • C CB Defense
  • D CB ThreatSight

Explanation: Carbon Black Cloud allows centralized management of all agents, unlike others which focus on specific functions.

Q75

What happens when an endpoint's machine learning model gets retrained?

  • A It loses previous data
  • B Its detection accuracy increases
  • C It resets all configurations
  • D No significant impact occurs

Explanation: Retraining generally enhances detection capabilities by updating the model with new threat data, unlike the other options which suggest negative impacts.

Q76

What happens when an endpoint initiates a process that is on the block list?

  • A The endpoint process is terminated immediately.
  • B An alert is generated and logged.
  • C The process is allowed to run.
  • D The endpoint is quarantined.

Explanation: The block list enforces immediate termination of the process, preventing malicious actions; alerts may follow but aren't immediate actions.

Q77

You are configuring a detection rule for suspicious file modifications. Which option is critical for rule accuracy?

  • A Specify user roles with access.
  • B Identify trusted application sources.
  • C Define the file types monitored.
  • D Set the time of day for scans.

Explanation: Defining file types ensures the detection rule focuses on relevant changes, while the other options do not directly impact the detection specifics.

Q78

Which service in VMware Carbon Black helps in threat hunting?

  • A Intelligence Services
  • B Live Response
  • C Event Analysis
  • D Device Control

Explanation: Event Analysis provides detailed logs and context useful for effective threat hunting; other services support other functionalities.

Q79

Which service allows for remote investigation of endpoint threats in Carbon Black?

  • A Remote Live Response
  • B Threat Intelligence
  • C Policy Management
  • D Integration Services

Explanation: Remote Live Response allows real-time threat investigation, while the others focus on different functions.

Q80

A company needs to ensure compliance with regulations regarding data handling. What specific feature in Carbon Black should they focus on?

  • A Data Loss Prevention
  • B Behavioral EDR
  • C Audit Logs
  • D VMware Fusion

Explanation: Audit Logs provide traceability essential for compliance, unlike DLP which focuses on data protection.