VMware Exam 5V0-93.22 Topic 1 Question 13 Discussion

Actual exam question for VMware's 5V0-93.22 exam

Question #: 13
Topic #: 1

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

A[Unknown application] [Retrieves credentials] [Terminate process]

B[**/*.exe] [Scrapes memory of another process] [Terminate process]

C[**\lsass.exe] [Scrapes memory of another process] [Deny operation]

D[Not listed application] [Scrapes memory of another process] [Terminate process]

Show Suggested Answer

Suggested Answer: A, E, F

by Carey at Apr 20, 2024, 03:12 PM

Limited Time Offer

25%

Off

Get Premium 5V0-93.22 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Gracia

6 days ago

Option C looks good to me. Denying the operation to lsass.exe seems like the best way to prevent the malicious code without blocking legitimate applications.

upvoted 0 times

...