Question 6 of 56
An Enterprise EDR administrator has created a custom Watchiist and wants to add a custom query to a report in the custom Watchiist.
From which page can the administrator add this custom query?
From which page can the administrator add this custom query?
Correct Answer: C
Question 7 of 56
A security policy states to enable Live Response by default across the enterprise. However, the team identified critical systems which should not support Live
Response due to risk. The team needs to disable Live Response on selected systems.
From which page can this goal be accomplished?
Response due to risk. The team needs to disable Live Response on selected systems.
From which page can this goal be accomplished?
Correct Answer: D
Question 8 of 56
An analyst is investigating a specific alert in Endpoint Standard. The analyst selects the investigate button from the alert triage page and sees the following:
Which statement accurately characterizes this situation?
Which statement accurately characterizes this situation?
Correct Answer: D
Question 9 of 56
Examine the following EDR query:
file_desc:`Windows Command Processor` AND -process_name:cmd.exe
Which process will show in the query results?
file_desc:`Windows Command Processor` AND -process_name:cmd.exe
Which process will show in the query results?
Correct Answer: C
Question 10 of 56
Carbon Black App Control maintains an inventory of all interesting (executable) files on endpoints where the agent is installed.
What is the initial inventory procedure called, and how can this process be triggered?
What is the initial inventory procedure called, and how can this process be triggered?
Correct Answer: A