VMware

Carbon Black Endpoint Detection and Response Technical Specialist

250-601

Validate your skills in endpoint detection with the 250-601 exam.

Questions 81–90 of 195

Q81

What happens when a suspicious file is detected by Carbon Black's prevention policies?

  • A. File is automatically quarantined
  • B. Alert is only generated
  • C. System shutdown initiated
  • D. Antivirus software scans begin
Explanation: Automatic quarantine helps prevent threats from executing, while the other options do not provide adequate immediate action.

Q82

Which service in VMware Carbon Black provides real-time visibility and analysis of security alerts?

  • A. Threat Analysis
  • B. Sensor Management
  • C. Incident Response
  • D. Live Response
Explanation: Threat Analysis enables visibility and analysis of alerts, while the other options involve different functionalities within the platform.

Q83

A company needs to isolate a compromised endpoint for investigation. What should be the first step?

  • A. Disable network connectivity
  • B. Analyze system logs
  • C. Restart the endpoint
  • D. Update all security policies
Explanation: Isolating the endpoint by disabling connectivity is crucial to prevent further harm; the other options are secondary actions.

Q84

You are configuring a new policy in Carbon Black. What setting should you prioritize to minimize false positives?

  • A. High sensitivity for detections
  • B. Reputation-based rules
  • C. System performance metrics
  • D. Default alert settings
Explanation: Reputation-based rules focus on known threats, reducing false positives compared to higher sensitivity or default settings.

Q85

Which service in VMware Carbon Black is responsible for monitoring endpoint activity?

  • A. Activity Monitoring Service
  • B. Endpoint Threat Detection
  • C. Endpoint Detection and Response
  • D. Malware Analysis Tool
Explanation: Endpoint Detection and Response is the service specifically designed for monitoring endpoint activity, while the others serve different functions.

Q86

A company needs to respond to a ransomware alert. What should be the immediate action?

  • A. Isolate affected endpoints
  • B. Update software immediately
  • C. Send to users for review
  • D. Contact the vendor for guidance
Explanation: Isolating affected endpoints prevents spread; other options are slower responses that may allow ransomware to propagate.

Q87

You are configuring threat types in Carbon Black. What is a consequence of selecting 'Low' severity for a threat?

  • A. No action will be taken
  • B. Threat will be ignored permanently
  • C. Automatic quarantine is initiated
  • D. Alerts are logged but not prioritized
Explanation: Choosing 'Low' severity logs alerts without immediate action; the other options suggest automatic or permanent responses, which do not correspond to a low severity setting.

Q88

Which service provides advanced threat hunting in VMware Carbon Black EDR?

  • A. ThreatHunter
  • B. Endpoint Analytics
  • C. Policy Management
  • D. Incident Response
Explanation: ThreatHunter is designed specifically for advanced threat hunting; the other options focus on different functionalities.

Q89

A company needs to comply with data privacy regulations. Which feature of VMware Carbon Black EDR should they utilize?

  • A. Privacy Alerts
  • B. Data Retention Policy
  • C. User Activity Monitoring
  • D. Alert Rules
Explanation: The Data Retention Policy helps ensure compliance with data privacy regulations, unlike the other features.

Q90

You are configuring a custom alert in Carbon Black. What happens when you set the threshold to '0'?

  • A. No alerts generated
  • B. Alerts for all activities
  • C. Only high-risk alerts
  • D. Daily summary report
Explanation: Setting the threshold to '0' means alerts will trigger for all recorded activities, invalidating other thresholds.