
VMware 5V0-93.22 Exam - Topic 1 Question 13 Discussion

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications to be blocked.

Which rule should be used?
A) [Unknown application] [Retrieves credentials] [Terminate process]
B) [**/*.exe] [Scrapes memory of another process] [Terminate process]
C) [**\lsass.exe] [Scrapes memory of another process] [Deny operation]
D) [Not listed application] [Scrapes memory of another process] [Terminate process]

Actual exam question for VMware's 5V0-93.22 exam
Question #: 13
Topic #: 1
Suggested Answer: A, E, F

Contribute your Thoughts:

Jeffrey
6 months ago
B looks like it could catch a lot of bad stuff too.
upvoted 0 times
...
Felicitas
6 months ago
Wait, are we sure terminating processes is the right move?
upvoted 0 times
...
Shelia
7 months ago
C could be too restrictive, might block legit apps.
upvoted 0 times
...
Lai
7 months ago
I disagree, A seems more effective for unknown apps.
upvoted 0 times
...
Terina
7 months ago
I think option D is the best choice here.
upvoted 0 times
...
Marget
7 months ago
I lean towards option B because it mentions ".exe" files, which are common for applications, but I'm not confident if it would catch everything malicious.
upvoted 0 times
...
Alex
8 months ago
I'm a bit confused about the difference between "terminate process" and "deny operation." I feel like option C could be safer, but it might block legitimate apps too.
upvoted 0 times
...
Luann
8 months ago
I remember practicing a similar question, and I think option D might be more effective since it specifies "not listed application," which could cover more ground.
upvoted 0 times
...
Wilburn
8 months ago
I think option A sounds right since it targets unknown applications trying to retrieve credentials, but I'm not entirely sure if "terminate process" is the best action.
upvoted 0 times
...
Alyce
8 months ago
I'm pretty confident I know the right answer here. Option C looks like the best choice to meet the requirements of the question.
upvoted 0 times
...
Belen
8 months ago
Okay, I think I've got a strategy here. I'll focus on the rule that specifically targets the Local Security Authority Subsystem Service to prevent credential theft, while avoiding rules that might block legitimate applications.
upvoted 0 times
...
Michel
8 months ago
Hmm, I'm a bit confused by the wording here. I'll need to re-read the question a few times to make sure I understand it fully.
upvoted 0 times
...
Craig
8 months ago
This seems like a tricky one. I'll need to think carefully about the implications of each rule.
upvoted 0 times
...
Caprice
8 months ago
Okay, let me think this through step-by-step. I need to identify the key activities where measuring average cost per incident would be most important.
upvoted 0 times
...
Cordie
8 months ago
Okay, I think I've got this. First, I'll copy the `/etc/fstab` file to `/var/tmp` and make it executable for everyone. Then I'll use `setfacl` to grant read and write access to the user Tennie, and deny all access to the user Bernadine. Finally, I'll verify the permissions using `getfacl`.
upvoted 0 times
...
Cordell
8 months ago
I'm not so sure about that. Isn't prioritizing business focal points more related to option B? We did a similar question in practice.
upvoted 0 times
...
Lorean
1 year ago
Option B seems too broad. I don't want to risk shutting down every .exe file on the system. Let's go with the more targeted approach in Option C.
upvoted 0 times
Natalie
12 months ago
User 3: Option C it is then, we don't want to risk shutting down every .exe file on the system.
upvoted 0 times
...
Rosalind
1 year ago
User 2: Rosalind is right, let's go with the more targeted approach in Option C.
upvoted 0 times
...
Lou
1 year ago
User 1: I agree, Option B does seem too broad.
upvoted 0 times
...
...
Samira
1 year ago
Ha! I bet the person who wrote this question has a great sense of humor. 'Scrapes memory of another process' - that's a classic!
upvoted 0 times
Renea
1 year ago
C) [**\lsass.exe] [Scrapes memory of another process] [Deny operation]
upvoted 0 times
...
Bobbye
1 year ago
Haha, yeah that does sound funny!
upvoted 0 times
...
Barb
1 year ago
A) [Unknown application] [Retrieves credentials] [Terminate process]
upvoted 0 times
...
...
Brianne
1 year ago
I'm not sure about that. Wouldn't terminating the process be a bit too harsh? Maybe we could try a less drastic approach first.
upvoted 0 times
Luisa
12 months ago
User 4: Denying the operation sounds like a more balanced approach to me.
upvoted 0 times
...
Avery
1 year ago
User 3: I agree, denying the operation could be a good first step to prevent malicious code.
upvoted 0 times
...
Arminda
1 year ago
User 2: That could be a good idea. Denying the operation might be less harsh.
upvoted 0 times
...
Tiara
1 year ago
User 1: Maybe we should try denying the operation instead of terminating the process.
upvoted 0 times
...
...
Gracia
1 year ago
Option C looks good to me. Denying the operation to lsass.exe seems like the best way to prevent the malicious code without blocking legitimate applications.
upvoted 0 times
Karol
1 year ago
Yes, denying the operation to lsass.exe specifically targets the potential threat while allowing other applications to function normally.
upvoted 0 times
...
Karol
1 year ago
I agree, option C seems like the most effective way to prevent malicious code without causing issues for good applications.
upvoted 0 times
...
...
Meghann
1 year ago
Because it specifically targets lsass.exe, which is where credentials are stored.
upvoted 0 times
...
Bev
1 year ago
Why do you think that?
upvoted 0 times
...
Meghann
1 year ago
I think the answer is C.
upvoted 0 times
...
