An alert for a device running a proprietary application is tied to a vital business operation.
Which action is appropriate to take?
Which wildcard configuration applies a policy to all files and subfolders in a specific folder in
Which statement should be used when constructing queries in Carbon Black Audit and Remediation,
How often do watchlists run?
An organization leverages a commonly used software distribution tool to manage deployment of
enterprise software and updates. Custom rules are a suitable option to ensure the approval of files
delivered by this tool.
Which other trust mechanism could the organization configure for large-scale approval of these files?
Refer to the exhibit:
Which two logic statements correctly explain filtering within the UI? (Choose two.)
An administrator wants to query the status of the firewall for all endpoints. The administrator will
registry key found here
To make the results easier to understand, the administrator wants to return either enabled or
disabled for the results, rather than the value from the registry key.
Which SQL statement will rewrite the output based on a specific result set returned from the system?
An analyst wants to block an application's specific behavior but does not want to kill the process
entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action
to ensure that the process is kept alive while blocking further unwanted activity.
Which Blocking and Isolation Action should the analyst use to accomplish this goal?
App Control System Health email alerts for excessive agent backlog are occurring hourly. This is
overwhelming the analysts, and they would like to reduce the notifications.
How can the analyst reduce the unneeded alerts?
An administrator needs to query all endpoints in the HR group for instances of an obfuscated copy of
Given this Enterprise EDR query:
process_name:cmd.exe AND device_group:HR AND NOT enriched:true
Which example could be added to the query to provide the desired results?
A company uses Audit and Remediation to check configurations and adhere to compliance
regulations. The regulations require monthly reporting and twelve months of data retained.
How can an administrator accomplish this requirement with Audit and Remediation?
Which list below captures all Enforcement Levels for App Control policies?
An incorrectly constructed watchlist generates 10,000 incorrect alerts.
How should an administrator resolve this issue?
An Enterprise EDR administrator wants to use Watchlists curated by VMware Carbon Black and other
threat intelligence specialists.
How should the administrator add these curated Watchlists from the Watchlists page?
Which identifier is shared by all events when an alert is investigated?