While an administrator is reviewing an alert, the device is observed beaconing to an unknown destination.
Which action should be taken to stop this behavior?
A. Put the device in Bypass mode
B. Place the device in Quarantine
C. Assign the application to the Approved List
D. Deregister the sensor
Correct answer: B
Explanation: Quarantine isolates the endpoint from the network (it can still reach Carbon Black Cloud), which stops the beacon. Bypass mode disables the sensor's protection and leaves the device and the beaconing process untouched.
Question 2:
Review the following EDR query:
parent_name:outlook.exe AND -alliance_score_srstrust:* AND -digsig_result:"Signed"
Which process would show in the query results?
A. Processes invoking outlook.exe that have an SRS Trust value and that are not digitally signed.
B. Processes invoking outlook.exe that do not have an SRS Trust value and that are not digitally signed.
C. Processes invoked by outlook.exe that do not have an SRS Trust value and that are not digitally signed.
D. Processes invoked by outlook.exe that have an SRS Trust value and that are digitally signed.
Correct answer: C
Explanation: parent_name: matches the process's parent, so the results are processes invoked by outlook.exe. The leading - negates a term: -alliance_score_srstrust:* means the process has no SRS Trust value, and -digsig_result:"Signed" means it is not digitally signed.
Question 3:
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
A. From the File Catalog page on the web console
B. From the Computer Details page on the web console
C. Run RepCLI on Windows command prompt
D. From the Files on Computers page on the web console
E. Run authenticated DasCLI on Windows command prompt
Correct answer: B, E
Question 4:
Review the following EDR query:
(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[1 TO *]
Which process would show in the query results?
A. Processes invoking Powershell.exe or cmd.exe with multiple network connection events
B. Processes invoking Powershell.exe and cmd.exe with multiple network connection events
C. Processes invoked by Powershell.exe or cmd.exe with any number of network connection events
D. Processes invoked by Powershell.exe and cmd.exe with a single network connection event
Correct answer: C
Explanation: parent_name: selects processes whose parent is powershell.exe or cmd.exe (the OR inside the parentheses), and the range [1 TO *] matches any netconn_count of one or more, not exactly one.
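An added example, not part of the original question set or of Carbon Black's own code: a small evaluator for the subset of EDR query syntax used in Questions 2 and 4 (field:value terms, - negation, field:* presence checks, [lo TO hi] ranges, AND/OR with parentheses), run over constructed process records. It shows why parent_name: returns the children of the named process rather than the process itself, and why [1 TO *] means "one or more". The record dictionaries and their field values are assumptions constructed for the demonstration; the field names are the ones that appear in the two queries.

```python
import re

# Tokens: parentheses, AND/OR, and field:value terms. A value is a [range],
# a "quoted string", or a bare word that stops at whitespace or a parenthesis.
TOKEN_RE = re.compile(
    r'\(|\)|\bAND\b|\bOR\b|-?[A-Za-z0-9_]+:(?:\[[^\]]*\]|"[^"]*"|[^\s()]+)'
)
RANGE_RE = re.compile(r"\[(\S+)\s+TO\s+(\S+)\]")

# Queries from Questions 2 and 4 (quote typo in the dump corrected).
Q2_QUERY = 'parent_name:outlook.exe AND -alliance_score_srstrust:* AND -digsig_result:"Signed"'
Q4_QUERY = "(parent_name:powershell.exe OR parent_name:cmd.exe) AND netconn_count:[1 TO *]"

# Constructed sample records (assumption: not real telemetry). A missing key
# models a field the sensor did not populate, e.g. no SRS Trust score.
SAMPLE_PROCESSES = [
    {"process_name": "outlook.exe", "parent_name": "explorer.exe",
     "digsig_result": "Signed", "alliance_score_srstrust": 100},
    {"process_name": "winword.exe", "parent_name": "outlook.exe",
     "digsig_result": "Signed", "alliance_score_srstrust": 100},
    {"process_name": "invoice.exe", "parent_name": "outlook.exe",
     "digsig_result": "Unsigned"},
    {"process_name": "powershell.exe", "parent_name": "explorer.exe", "netconn_count": 3},
    {"process_name": "certutil.exe", "parent_name": "powershell.exe", "netconn_count": 1},
    {"process_name": "whoami.exe", "parent_name": "cmd.exe", "netconn_count": 0},
    {"process_name": "bitsadmin.exe", "parent_name": "cmd.exe", "netconn_count": 4},
]


class _Parser:
    """Recursive-descent parser: OR binds loosest, AND tighter, () overrides."""

    def __init__(self, query):
        leftover = TOKEN_RE.sub("", query).strip()
        if leftover:
            raise ValueError(f"unparsed text: {leftover!r}")
        self.tokens = TOKEN_RE.findall(query)
        self.pos = 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def parse_or(self):
        node = self.parse_and()
        while self.peek() == "OR":
            self.take()
            node = ("or", node, self.parse_and())
        return node

    def parse_and(self):
        node = self.parse_atom()
        while self.peek() == "AND":
            self.take()
            node = ("and", node, self.parse_atom())
        return node

    def parse_atom(self):
        tok = self.take()
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing closing parenthesis")
            return node
        if tok is None or tok in ("AND", "OR", ")"):
            raise ValueError(f"unexpected token {tok!r}")
        negated = tok.startswith("-")            # leading '-' inverts the term
        field, _, value = tok.lstrip("-").partition(":")
        return ("term", negated, field, value)


def parse_query(query):
    parser = _Parser(query)
    node = parser.parse_or()
    if parser.peek() is not None:
        raise ValueError(f"trailing token {parser.peek()!r}")
    return node


def _bound(text):
    return None if text == "*" else float(text)   # '*' is an open range end


def _term_matches(negated, field, value, record):
    actual = record.get(field)
    if value == "*":                               # field:* -> field has any value
        hit = actual is not None
    elif value.startswith("["):                    # field:[lo TO hi], inclusive
        lo, hi = (_bound(b) for b in RANGE_RE.match(value).groups())
        hit = (actual is not None
               and (lo is None or actual >= lo)
               and (hi is None or actual <= hi))
    else:                                          # exact, case-insensitive match
        hit = actual is not None and str(actual).lower() == value.strip('"').lower()
    return hit != negated


def evaluate(node, record):
    if node[0] == "term":
        return _term_matches(node[1], node[2], node[3], record)
    left, right = evaluate(node[1], record), evaluate(node[2], record)
    return (left and right) if node[0] == "and" else (left or right)


def run_query(query, records):
    """Return the process_name of every record the query matches, in order."""
    node = parse_query(query)
    return [r["process_name"] for r in records if evaluate(node, r)]


if __name__ == "__main__":
    print("Q2:", run_query(Q2_QUERY, SAMPLE_PROCESSES))
    print("Q4:", run_query(Q4_QUERY, SAMPLE_PROCESSES))
    print("process_name:outlook.exe ->", run_query("process_name:outlook.exe", SAMPLE_PROCESSES))
```

Running it, Q2 returns only invoice.exe (a child of outlook.exe with no SRS Trust score and no "Signed" result), Q4 returns certutil.exe and bitsadmin.exe (children of powershell.exe or cmd.exe with at least one network connection; whoami.exe with zero is excluded), and the contrast with process_name:outlook.exe, which returns outlook.exe itself, is the difference between "invoked by" and "invoking" in the answer choices.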
Question 5:
An Endpoint Standard administrator finds a binary in the environment and decides to manually add the file hash to the Banned List.
Which reputation does the file now have?
A. Known Malware
B. Company Black
C. Suspect/Heuristic Malware
D. Adware/PUP Malware
Correct answer: B
Explanation: A hash the administrator adds to the Banned List takes the Company Black reputation, which is an organization-assigned reputation. Known Malware, Suspect/Heuristic Malware and Adware/PUP Malware are reputations assigned by the cloud, not by a manual ban.
Question 6:
An administrator receives an alert with the TTP DATA_TO_ENCRYPTION.
What is known about the alert based on this TTP even if other parts of the alert are unknown?
A. A process attempted to transfer encrypted data on the disk over the network.
B. A process attempted to delete encrypted data on the disk.
C. A process attempted to write a file to the disk.
D. A process attempted to modify a monitored file written by the sensor.
Correct answer: C
Question 7:
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections:

Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN.
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?
A. NOT_LISTED was applied by the sensor after observing no cloud reputation, as evidenced by the applied cloud reputation UNKNOWN.
B. The sensor demoted the local reputation from UNKNOWN to NOT_LISTED based on the cloud reputation.
C. The application was UNKNOWN at the time of the event but then later determined to be NOT_LISTED.
D. The sensor demoted the local reputation from NOT_LISTED to UNKNOWN based on the cloud reputation.
Correct answer: C
Question 8:
A company uses Audit and Remediation to check configurations and adhere to compliance regulations. The regulations require monthly reporting and twelve months of data retained.
How can an administrator accomplish this requirement with Audit and Remediation?
A. Schedule the query to run monthly, and export the results for each run to an external location.
B. Schedule the query to run monthly, and set the data retention to 12 months for the query.
C. Schedule the query to run monthly, and no further action is required.
D. Schedule the query to run monthly, and configure the audit log retention to 12 months.
Correct answer: A
中村** -
I will study with all my effort. The 5V0-91.20 study materials are valid, and the pass rate is high.