Free VMware 5V0-91.20 Exam Dumps and 5V0-91.20 Exam Questions

Question No: 1

MultipleChoice

Examine the following EDR query:

file_desc:''Windows Command Processor'' AND -process_name:cmd.exe

Which process will show in the query results?

Options

AAny process named something other than cmd.exe with the file description of ''Windows Command
Processor''

BAny process with the binary file description ''Windows Command Processor''

CAny process with the binary file description ''Windows Command Processor'' named cmd.exe

DAny process named cmd.exe

Question No: 2

MultipleChoice

Review the following search:

childproc_name:''rundll32.exe'' AND -digsig_result:''Signed'' AND path:c:\windows\*

What is this search looking for?

Options

AProcesses being launched by rundll32.exe running out of the windows directory that are not signed

BInstances of rundll32.exe running out of the windows directory that are not signed

CInstances of rundll32.exe running out of the windows directory that are signed

DProcesses launching rundll32.exe running out of the windows directory that are not signed

Question No: 3

MultipleChoice

Which action is only available for the ''Performs any operation'' and ''Performs any API Operation'' operation attempts?

Options

ABypass

BAllow & Log

CRuns or is Running

DAllow

Question No: 4

MultipleChoice

Review the following query:

path:c:\program\ files\ \(x86\)\microsoft

How would this query input term be interpreted?

Options

Ac:\program files x86\microsoft

Bc:rogram files (x86)icrosoft

Cc:rogramfilesx86icrosoft

Dc:\program files (x86)\microsoft