VMware Carbon Black Portfolio Skills
1. An administrator wants to query the status of the firewall for all endpoints. The
administrator will query the registry key found here HKEY_LOCAL_MACHINE\SYSTE
To make the results easier to understand, the administrator wants to return either
enabled or disabled for the results, rather than the value from the registry key.
Which SQL statement will rewrite the output based on a specific result set returned
from the system?
2. An analyst navigates to the alerts page in Endpoint Standard and sees the
What does the yellow color represent on the left side of the row?
A. It is an alert from a watchlist rather than the analytics engine.
B. It is a threat alert and warrants immediate investigation.
C. It is an observed alert and may indicate suspicious behavior.
D. It is a dismissed alert within the user interface.
3. An Enterprise EDR administrator sees the process in the graphic on the Investigate
page but does not see an alert for this process:
How can the administrator generate an alert for future hits against this watchlist?
A. Select the watchlist on the watchlists page, select the Scheduled Task Created
report, and use Take Action to select Alert on hit for the report.
B. Select the watchlist on the watchlists page, select the Scheduled Task Created
report, and use Take Action to toggle Alert on hit to On.
C. Select the watchlist on the watchlists page and click on Alerts: Off to toggle the
alerts to On.
D. Select the watchlist on the watchlists page, use Take Action to select Edit, and
select Alert on hit.
4. An administrator runs multiple queries on tables and combines the results after the
fact to correlate data. The administrator