Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

VMware 5V0-93.22 Exam - Topic 1 Question 13 Discussion

Actual exam question for VMware's 5V0-93.22 exam
Question #: 13
Topic #: 1
[All 5V0-93.22 Questions]

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

Show Suggested Answer Hide Answer
Suggested Answer: A, E, F

by Carey at Apr 20, 2024, 03:12 PM

Limited Time Offer

25%

Off

Get Premium 5V0-93.22 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jeffrey
5 months ago
B looks like it could catch a lot of bad stuff too.
upvoted 0 times
...
Felicitas
5 months ago
Wait, are we sure terminating processes is the right move?
upvoted 0 times
...
Shelia
5 months ago
C could be too restrictive, might block legit apps.
upvoted 0 times
...
Lai
5 months ago
I disagree, A seems more effective for unknown apps.
upvoted 0 times
...
Terina
6 months ago
I think option D is the best choice here.
upvoted 0 times
...
Marget
6 months ago
I lean towards option B because it mentions ".exe" files, which are common for applications, but I'm not confident if it would catch everything malicious.
upvoted 0 times
...
Alex
6 months ago
I'm a bit confused about the difference between "terminate process" and "deny operation." I feel like option C could be safer, but it might block legitimate apps too.
upvoted 0 times
...
Luann
6 months ago
I remember practicing a similar question, and I think option D might be more effective since it specifies "not listed application," which could cover more ground.
upvoted 0 times
...
Wilburn
6 months ago
I think option A sounds right since it targets unknown applications trying to retrieve credentials, but I'm not entirely sure if "terminate process" is the best action.
upvoted 0 times
...
Alyce
6 months ago
I'm pretty confident I know the right answer here. Option C looks like the best choice to meet the requirements of the question.
upvoted 0 times
...
Belen
6 months ago
Okay, I think I've got a strategy here. I'll focus on the rule that specifically targets the Local Security Authority Subsystem Service to prevent credential theft, while avoiding rules that might block legitimate applications.
upvoted 0 times
...
Michel
7 months ago
Hmm, I'm a bit confused by the wording here. I'll need to re-read the question a few times to make sure I understand it fully.
upvoted 0 times
...
Craig
7 months ago
This seems like a tricky one. I'll need to think carefully about the implications of each rule.
upvoted 0 times
...
Caprice
7 months ago
Okay, let me think this through step-by-step. I need to identify the key activities where measuring average cost per incident would be most important.
upvoted 0 times
...
Cordie
7 months ago
Okay, I think I've got this. First, I'll copy the `/etc/fstab` file to `/var/tmp` and make it executable for everyone. Then I'll use `setfacl` to grant read and write access to the user Tennie, and deny all access to the user Bernadine. Finally, I'll verify the permissions using `getfacl`.
upvoted 0 times
...
Cordell
7 months ago
I'm not so sure about that. Isn't prioritizing business focal points more related to option B? We did a similar question in practice.
upvoted 0 times
...
Lorean
11 months ago
Option B seems too broad. I don't want to risk shutting down every .exe file on the system. Let's go with the more targeted approach in Option C.
upvoted 0 times
Natalie
10 months ago
User 3: Option C it is then, we don't want to risk shutting down every .exe file on the system.
upvoted 0 times
...
Rosalind
11 months ago
User 2: Rosalind is right, let's go with the more targeted approach in Option C.
upvoted 0 times
...
Lou
11 months ago
User 1: I agree, Option B does seem too broad.
upvoted 0 times
...
...
Samira
12 months ago
Ha! I bet the person who wrote this question has a great sense of humor. 'Scrapes memory of another process' - that's a classic!
upvoted 0 times
Renea
11 months ago
C) [**\\lsass.exe] [Scrapes memory of another process] [Deny operation]
upvoted 0 times
...
Bobbye
11 months ago
Haha, yeah that does sound funny!
upvoted 0 times
...
Barb
11 months ago
A) [Unknown application] [Retrieves credentials] [Terminate process]
upvoted 0 times
...
...
Brianne
1 year ago
I'm not sure about that. Wouldn't terminating the process be a bit too harsh? Maybe we could try a less drastic approach first.
upvoted 0 times
Luisa
10 months ago
User 4: Denying the operation sounds like a more balanced approach to me.
upvoted 0 times
...
Avery
11 months ago
User 3: I agree, denying the operation could be a good first step to prevent malicious code.
upvoted 0 times
...
Arminda
11 months ago
User 2: That could be a good idea. Denying the operation might be less harsh.
upvoted 0 times
...
Tiara
11 months ago
User 1: Maybe we should try denying the operation instead of terminating the process.
upvoted 0 times
...
...
Gracia
1 year ago
Option C looks good to me. Denying the operation to lsass.exe seems like the best way to prevent the malicious code without blocking legitimate applications.
upvoted 0 times
Karol
11 months ago
Yes, denying the operation to lsass.exe specifically targets the potential threat while allowing other applications to function normally.
upvoted 0 times
...
Karol
12 months ago
I agree, option C seems like the most effective way to prevent malicious code without causing issues for good applications.
upvoted 0 times
...
...
Meghann
1 year ago
Because it specifically targets lsass.exe, which is where credentials are stored.
upvoted 0 times
...
Bev
1 year ago
Why do you think that?
upvoted 0 times
...
Meghann
1 year ago
I think the answer is C.
upvoted 0 times
...

Save Cancel