An administrator wants to query the status of the firewall for all endpoints. The administrator will query the registry key found here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile.
To make the results easier to understand, the administrator wants to return either enabled or disabled for the results, rather than the value from the registry key.
Which SQL statement will rewrite the output based on a specific result set returned from the system?
A. CASE
B. AS
C. ALTER
D. SELECT
What is the meaning, if any, of the event Report write (removable media)?
A. This event would never occur. App Control does not report activity on removable media.
B. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process, file name, and hash modified or deleted on the removable media.
C. A Policy's device control setting 'Block writes to unapproved removable media' is set to Report Only. The event details show the process and file name modified or deleted on the unapproved removable media.
D. A Policy's device control setting 'Block writes to unapproved removable media' is set to Enabled. The event details show the process, file name, and hash modified or deleted on the removable media.
Refer to the exhibit:
Which two logic statements correctly explain filtering within the UI? (Choose two.)
A. Filtering between fields is a logical OR
B. Filtering within the same field is a logical AND
C. Filtering between fields is a logical AND
D. Filtering between fields is a logical XOR
E. Filtering within the same field is a logical OR
An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.
Once applied, which reputation would these applications be classified under for processing?
A. Trusted White
B. Company White
C. Local White
D. Common White
Review the following search:
childproc_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\*
What is this search looking for?
A. Processes being launched by rundll32.exe running out of the windows directory that are not signed
B. Instances of rundll32.exe running out of the windows directory that are not signed
C. Instances of rundll32.exe running out of the windows directory that are signed
D. Processes launching rundll32.exe running out of the windows directory that are not signed
An analyst wants to block an application's specific behavior but does not want to kill the process entirely as it is heavily used on workstations. The analyst needs to use a Blocking and Isolation Action to ensure that the process is kept alive while blocking further unwanted activity.
Which Blocking and Isolation Action should the analyst use to accomplish this goal?
A. Log Operation
B. Deny Operation
C. Terminate Process
D. Block Process
An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to disable (Ignore) the old Threat Intelligence Report.
Where in the UI is this action not possible to perform?
A. Search Threat Reports Page
B. Threat Intelligence Feeds Page
C. Threat Report Page
D. Triage Alerts Page
Which wildcard configuration applies a policy to all files and subfolders in a specific folder in Endpoint Standard?
A. C:\Program Files\example\$$
B. C:\Program Files\example\**
C. C:\Program Files\example\$
D. C:\Program Files\example\*
Level 3 service desk personnel have been approved to modify computer enforcement levels by security governance.
Which set of steps is required to implement this change?
A. Assign permission "Temporary assign computers" to each user.
B. Create new user role, assign permission "Manage computers" to role.
C. Create new user role, map AD group to role, assign permission "Manage computers" to role.
D. Create new user role, map AD group to role, assign permission "Temporary assign computers" to role.
An administrator runs the following query in Audit and Remediation:
SELECT *
FROM users
WHERE UID >= 500;
How long will this query stay active and accept data from the sensors?
A. 14 days
B. 30 days
C. 7 days
D. 1 day