An administrator wants to find instances where the binary Is unsigned.
Which term will accomplish this search?
A. NOT process_publisher:FILE_SIGNATURE_STATE_SIGNED
B. process_publisher_state:FILE_SIGNATURE_STATE_NOT_SIGNED
C. NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
D. process_publisher:FILE_SIGNATURE_STATE_NOT_SIGNED
正解:C
質問 2:
Which identifier is shared by all events when an alert is investigated?
A. Alert ID
B. Process ID
C. Priority Score
D. Event ID
正解:D
質問 3:
An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of cmd.exe.
Given this Enterprise EDR query:
process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?
A. NOT process_company_name:cmd.exe
B. NOT process_internal_name:cmd.exe
C. NOT process_name:cmd.exe
D. NOT process_original_filename:cmd.exe
正解:C
質問 4:
Refer to the exhibit:

Which two statements are true about Carbon Black Live Response (CBLR)? (Choose two.)
A. CBLR is enabled.
B. A CBLR session is established.
C. A CBLR session is not attached.
D. A CBLR session already exists.
E. CBLR is disabled.
正解:C,D
質問 5:
An organization leverages a commonly used software distribution tool to manage deployment of enterprise software and updates. Custom rules are a suitable option to ensure the approval of files delivered by this tool.
Which other trust mechanism could the organization configure for large-scale approval of these files?
A. Trusted Distributor
B. Windows Update
C. Local Approval Mode
D. Rapid Config
正解:C
質問 6:
After an emergency, what does the Restore computer button do on the App Control Home page?
A. Move all computers to the original Enforcement level
B. Move all computers to High Enforcement level
C. Move all computers to Low Enforcement level
D. Move all computers to Medium Enforcement level
正解:A
質問 7:
An administrator wants to query the status of the firewall for all endpoints. The administrator will query the registry key found here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\StandardProfile.
To make the results easier to understand, the administrator wants to return either enabled or disabled for the results, rather than the value from the registry key.
Which SQL statement will rewrite the output based on a specific result set returned from the system?
A. AS
B. CASE
C. ALTER
D. SELECT
正解:B
質問 8:
An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?
A. Known Malware
B. Company Black
C. Suspect/Heuristic Malware
D. Adware/PUP Malware
正解:C
増田** -
5V0-91.20問題集を購入し、よく勉強し、今日は5V0-91.20試験に合格しました。本当に嬉しかったです。5V0-91.20問題集は本当に効果がある商品です。