How can the analyst reduce the unneeded alerts?

App Control System Health email alerts for excessive agent backlog are occurring hourly. This is overwhelming the analysts, and they would like to reduce the notifications. How can the analyst reduce the unneeded alerts?
A. Set the email address for subscribers to an invalid email.
B. Change reminder email to...

March 26, 2021

Which reputation is processed with the lowest priority for Endpoint Standard?

Which reputation is processed with the lowest priority for Endpoint Standard?
A. Local White
B. Known Malware
C. Trusted White
D. Common White
Answer: B

March 26, 2021

Which process would show in the query results?

Review this EDR query:

childproc_name:whoami.exe AND childproc_name:hostname.exe AND childproc_name:tasklist.exe AND childproc_name:ipconfig.exe

Which process would show in the query results?
A. Any process invoked by whoami.exe, hostname.exe, tasklist.exe, and ipconfig.exe
B. Any process invoked by whoami.exe, hostname.exe, tasklist.exe, or ipconfig.exe
C. Any process invoking whoami.exe, hostname.exe, tasklist.exe, or ipconfig.exe
D. Any...

March 26, 2021

Which SQL statement should be used to achieve this goal?

An administrator runs multiple queries on tables and combines the results after the fact to correlate data. The administrator needs to combine rows from multiple tables based on data from a related column in each table. Which SQL statement should be used to achieve this goal?
A. JOIN
B. WHERE
C. ...

March 26, 2021

What is the maximum number of binaries (hashes) that can be banned using the web console?

What is the maximum number of binaries (hashes) that can be banned using the web console?
A. 500
B. 600
C. 300
D. 400
Answer: C

March 26, 2021

Which blocking and isolation rule fulfills this requirement?

There is a requirement to block ransomware when a sensor is offline. Which blocking and isolation rule fulfills this requirement?
A. Known Malware -> Performs ransomware-like behavior -> Terminate process
B. Not Listed Application -> Performs ransomware-like behavior -> Deny operation
C. Suspect Malware -> Performs ransomware-like behavior -> Deny...

March 25, 2021

What is the meaning of the black dot shown under Tags?

Review this result after executing a query in the Process Search page, noting the circled black dot. What is the meaning of the black dot shown under Tags?
A. The execution of the process resulted in watchlist hits.
B. The events for the process were tagged in an investigation.
C. ...

March 24, 2021

Which term will accomplish this search?

An administrator wants to find instances where the binary is unsigned. Which term will accomplish this search?
A. NOT process_publisher:FILE_SIGNATURE_STATE_SIGNED
B. NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
C. process_publisher_state:FILE_SIGNATURE_STATE_NOT_SIGNED
D. process_publisher:FILE_SIGNATURE_STATE_NOT_SIGNED
Answer: B

March 24, 2021

How can the analyst change the alert severity value, if this is possible?

An analyst is reviewing an alert in Enterprise EDR from a custom watchlist. The analyst disagrees with the alert severity rating. How can the analyst change the alert severity value, if this is possible?
A. The alert severity is assigned by the backend analytics.
B. The alert severity is not...

March 23, 2021

Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?

Which statement filters data to only return rows where the publisher of the software includes VMware anywhere in the name?
A. WHERE publisher = "%VMware%"
B. WHERE publisher = "%VMware"
C. WHERE publisher LIKE "VMware%"
D. WHERE publisher LIKE "%VMware%"
Answer: D

March 23, 2021