An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process:
How can the administrator generate an alert for future hits against this watchlist?
A. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to select Alert on hit for the report.
B. Select the watchlist on the watchlists page, select the Scheduled Task Created report, and use Take Action to toggle Alert on hit to On.
C. Select the watchlist on the watchlists page and click on Alerts: Off to toggle the alerts to On.
D. Select the watchlist on the watchlists page, use Take Action to select Edit, and select Alert on hit.

Which reputation is processed with the lowest priority for Endpoint Standard?
A. Local White
B. Known Malware
C. Trusted White
D. Common White

Management has directed that the SOC team be enabled to create global file bans via the App Control API.
How would this be configured in the App Control Console?
A. Create a Role, map to corresponding SOC group, and add permission "Manage files" to Role.
B. Add permission "Manage files" and create an API token for each SOC user.
C. Create a Role, map to the corresponding SOC group, add permission "Manage files", and create API token for the Role.
D. Create a Role, map it to the corresponding SOC group, add permission "Manage files" to Role, and create an API token for each user in group.

Review the following search:
childproc_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\*
What is this search looking for?
A. Processes being launched by rundll32.exe running out of the windows directory that are not signed
B. Instances of rundll32.exe running out of the windows directory that are not signed
C. Instances of rundll32.exe running out of the windows directory that are signed
D. Processes launching rundll32.exe running out of the windows directory that are not signed

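The point this search turns on is which process the fields describe: childproc_name names a child the process spawned, while path and digsig_result describe the process itself, so the filter selects unsigned parents under c:\windows that launched rundll32.exe, not rundll32.exe instances. The Python below is an added example, not part of the original question set or of the product: it evaluates the page's query, and a process_name variant for contrast, against constructed sample records with a small hand-written matcher. The records, the PROCESS_NAME_QUERY string, the record field names, and the parser (which covers only the AND, negation and wildcard subset used here) are assumptions of the example, not the product's search engine.

```python
import fnmatch
import re

# The search from the question, verbatim.
QUERY = r'childproc_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\*'

# An assumed variant that keys on the process's own name instead of its
# children, included only to show how the two searches select different records.
PROCESS_NAME_QUERY = r'process_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\*'

# Constructed sample records (not real sensor data). path and digsig_result
# describe the process itself; childproc_name lists the names of processes
# it spawned.
SAMPLE_PROCESSES = [
    {"process_name": "svchost.exe", "path": r"c:\windows\system32\svchost.exe",
     "digsig_result": "Signed", "childproc_name": ["rundll32.exe"]},
    {"process_name": "updater.exe", "path": r"c:\windows\temp\updater.exe",
     "digsig_result": "Unsigned", "childproc_name": ["rundll32.exe", "cmd.exe"]},
    {"process_name": "rundll32.exe", "path": r"c:\windows\system32\rundll32.exe",
     "digsig_result": "Signed", "childproc_name": []},
    {"process_name": "rundll32.exe", "path": r"c:\windows\syswow64\rundll32.exe",
     "digsig_result": "Unsigned", "childproc_name": []},
    {"process_name": "loader.exe", "path": r"c:\users\bob\downloads\loader.exe",
     "digsig_result": "Unsigned", "childproc_name": ["rundll32.exe"]},
    {"process_name": "spoolsv.exe", "path": r"c:\windows\system32\spoolsv.exe",
     "digsig_result": "Unsigned", "childproc_name": ["notepad.exe"]},
]

# One term: optional leading '-' (negation), a field name, ':' and a value
# that may be double-quoted and may contain '*' wildcards.
TERM_RE = re.compile(r'^(-?)([a-z_]+):"?([^"]*)"?$')


def parse_query(query):
    """Split an AND-joined query into (negated, field, value) triples.

    Only the subset of the search syntax used on this page is handled:
    terms joined by AND, a leading '-' for negation, optional quotes and
    '*' wildcards. Anything else raises so it is not silently misread.
    """
    terms = []
    for raw in query.split(" AND "):
        match = TERM_RE.match(raw.strip())
        if not match:
            raise ValueError(f"unsupported term: {raw!r}")
        negated, field, value = match.groups()
        terms.append((negated == "-", field, value))
    return terms


def term_matches(record, field, value):
    """Case-insensitive glob match of one term against one record.

    A list-valued field (childproc_name) matches if any element matches;
    a missing field never matches, so a negated term matches it.
    """
    actual = record.get(field, [])
    candidates = actual if isinstance(actual, list) else [actual]
    pattern = value.lower()
    return any(fnmatch.fnmatchcase(str(c).lower(), pattern) for c in candidates)


def search(records, query):
    """Return the paths of records for which every term of the query holds."""
    terms = parse_query(query)
    return [r["path"] for r in records
            if all(term_matches(r, field, value) != negated
                   for negated, field, value in terms)]


if __name__ == "__main__":
    # The page's query returns the unsigned parent under c:\windows that
    # spawned rundll32.exe, not rundll32.exe itself.
    print("childproc_name query:", search(SAMPLE_PROCESSES, QUERY))
    # The process_name variant returns the unsigned rundll32.exe instance.
    print("process_name query:  ", search(SAMPLE_PROCESSES, PROCESS_NAME_QUERY))
```

Run as-is, the page's query returns only c:\windows\temp\updater.exe (an unsigned parent that launched rundll32.exe), while the process_name variant returns only c:\windows\syswow64\rundll32.exe; the signed rundll32.exe in system32 is dropped by the negated digsig_result term in both cases. The matcher is a teaching aid for reading the query, and the product's own search supports far more syntax than this subset.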
An analyst on the security team noticed that several alerts are false positives within Enterprise EDR. The analyst disables the IOC within the report from those alerts.
Which statement correctly explains what disabling the IOC will accomplish?
A. That specific IOC in the report will no longer generate hits or alerts on the device from the alert.
B. The report will no longer generate hits or alerts on the device from the alert.
C. That specific IOC in the report will no longer generate hits or alerts.
D. The report will no longer generate hits or alerts.

Which statement is true about Carbon Black Live Response (CBLR)?
A. CBLR sessions do not need to wait for the next sensor check-in.
B. CBLR is disabled by default.
C. CBLR is only available on Windows Endpoints.
D. CBLR cannot be accessed through the API.

Refer to the exhibit, noting the circled red dot:
What is the meaning of the red dot under Hits in the Process Search page?
A. Whether the execution of the process resulted in a syslog hit
B. Whether the execution of the process resulted in a sensor hit
C. Whether the execution of the process resulted in matching hits for different users
D. Whether the execution of the process resulted in a feed hit

Which actions are available for Permissions?
A. Approve, Upload, No Upload
B. Deny Operation, Terminate Process
C. Allow, Allow and Log, Bypass
D. Performs any Operation, Runs or is running

What does the Aggressive setting do when configured in Local Scan Settings?
A. It adds a temporary reputation.
B. It scans all files on execution.
C. It scans new files on first execution.
D. It enables signature updates for the scanner.

Which list below captures all Enforcement Levels for App Control policies?
A. Critical, Lockdown, Monitored, Tracking, Banning
B. High Enforcement, Medium Enforcement, Low Enforcement
C. High Enforcement, Medium Enforcement, Low Enforcement, None (Visibility), None (Disabled)
D. Control, Local Approval, Disabled