Which Sensor Status under Endpoint Health indicates that a system’s policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
Which Sensor Status under Endpoint Health indicates that a system’s policy enforcement is disabled, and the sensor is not sending security event data to the cloud?
A. Quarantined
B. Deregistered
C. Inactive
D. Bypass
Reference: https://community.carbonblack.com/t5/Knowledge-Base/CB-Defense-What-Happens-When-Bypass-has-been-Enabled-on-the/ta-p/74905
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent?
In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)
A. From the Computer Details page on the web console
B. From the Files on Computers page on the web console
C. Run authenticated DasCLI on Windows command prompt
D. […]
Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?
An administrator observes the following event detail in the Investigate tab for an application with an unknown reputation making network connections: Upon further review of the event details returned, the reputation is observed as NOT_LISTED, and the applied (cloud) reputation is UNKNOWN. Why is the applied (cloud) reputation UNKNOWN and not NOT_LISTED?
A. The sensor […]
Which two information items are found in the alert pane?
A Carbon Black administrator received an alert for an untrusted hash executing in the environment. Which two information items are found in the alert pane? (Choose two.)
A. Launch Live Query
B. Launch process analysis
C. User quarantine
D. Add hash to banned list
E. IOC short name
Which rule will kill notepad.exe entirely if this activity is detected in the future?
An analyst has investigated two alerts on two separate HR workstations and found that notepad.exe has established communication to another IP address. Which rule will kill notepad.exe entirely if this activity is detected in the future?
A. **\system32\notepad.exe –> Communicates over the network –> Terminate process
B. **\system32\notepad.exe –> Runs or is Running –> Deny […]
Which three actions are available for sensors within the Sensor Group?
An administrator needs to manage a group of sensors from within the console. Which three actions are available for sensors within the Sensor Group? (Choose three.)
A. Move to group
B. Disable
C. Restart
D. Ban
E. Uninstall
F. Share Settings
Reference: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwjttoeA3ILvAhU6QhUIHZaND-YQFjAAegQIARAD&url=https%3A%2F%2Fcommunity.carbonblack.com%2Fgbouw27325%2Fattachments%2Fgbouw27325%2Fproduct-docs-news%2F3020%2F1%2FCB_EDR_7.3_User_Guide.pdf&usg=AOvVaw23smt4s66MWHdv9jM2PYF- (86)
Which three actions are available to take on the alert?
An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it. Which three actions are available to take on the alert? (Choose three.)
A. Ignore alert
B. Dismiss
C. Dismiss on all devices if grouping is enabled
D. Edit watchlist
E. Save report
G. Notifications history
Reference: https://community.carbonblack.com/t5/Knowledge-Base/Carbon-Black-Cloud-How-to-Dismiss-Alerts/ta-p/51766
Which rule definition should be used to address this need?
There is a need to ignore all activity at an application path. Which rule definition should be used to address this need?
A. Application at Path, Performs any operation, Bypass
B. Application at Path, Runs or is Running, Bypass
C. Application at Path, Runs or is Running, Allow & Log
D. Application at Path, Performs […]
What is the status of the WINDOWS-CLIENT agent?
An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following: What is the status of the WINDOWS-CLIENT agent?
A. Connected and Up to date
B. Disconnected and Up to date
C. Connected but unsupported
D. Connected but health check failed