How should an administrator resolve this issue?

An incorrectly constructed watchlist generates 10,000 incorrect alerts. How should an administrator resolve this issue?
A. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.
B. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench...

March 30, 2021

Which three actions are available to take on the alert?

An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it. Which three actions are available to take on the alert? (Choose three.)
A. Ignore alert
B. Dismiss
C. Dismiss on all devices if grouping is enabled
D. Edit watchlist
E. Save report
F...

March 29, 2021

How long does this one-time scan take to complete on endpoints assigned to that policy?

An administrator has configured a policy to run a standard background scan. How long does this one-time scan take to complete on endpoints assigned to that policy?
A. 180 days
B. 30 days
C. 3-5 days
D. 1 day
Answer: B

March 29, 2021

Which rule type should the administrator configure?

An administrator wants to allow files to run from a network share. Which rule type should the administrator configure?
A. Execute Prompt (Shared Path)
B. Trusted Path
C. Network Execute (Allow)
D. Write Approve (Network)
Answer: A

March 29, 2021

Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?

Which value should an administrator use when reviewing an alert to determine the file reputation at the time the event occurred?
A. Cloud Reputation (Initial)
B. Effective Reputation
C. Local Reputation
D. Cloud Reputation (Current)
Answer: A

March 28, 2021

In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?

A process has created a number of interesting (executable) files in one sequence. In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?
A. File Upload Completed
B. New File Discovered on Startup
C. File Group Created
D...

March 28, 2021

What is known about the alert based on this TTP even if other parts of the alert are unknown?

An administrator receives an alert with the TTP DATA_TO_ENCRYPTION. What is known about the alert based on this TTP even if other parts of the alert are unknown?
A. A process attempted to delete encrypted data on the disk.
B. A process attempted to write a file to the disk.
C...

March 27, 2021

How often do watchlists run?

How often do watchlists run?
A. Every 10 minutes
B. Every 5 minutes
C. Watchlists can be configured to run at scheduled intervals
D. Every 30 minutes
Answer: C

March 27, 2021

Which SQL statement will rewrite the output based on a specific result set returned from the system?

An administrator wants to query the status of the firewall for all endpoints. The administrator will query the registry key found here: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. To make the results easier to understand, the administrator wants to return either enabled or disabled for the results, rather than the value from the...

March 27, 2021

Which action is only available for the “Performs any operation” and “Performs any API Operation” operation attempts?

Which action is only available for the “Performs any operation” and “Performs any API Operation” operation attempts?
A. Bypass
B. Allow & Log
C. Runs or is Running
D. Allow
Answer: A
Explanation:
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjClN7SwoXvAhViqnEKHbXpChUQFjAAegQIARAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F1413%2F3%2Fcbd-userguide.pdf&usg=AOvVaw1CU0_RmjfwbwAh68IuEKAd(90)

March 27, 2021