
5V0-91.20 Online Practice Questions and Answers

Questions 4

App Control System Health email alerts for excessive agent backlog are occurring hourly.

This is overwhelming the analysts, and they would like to reduce the notifications.

How can the analyst reduce the unneeded alerts?

A. Set the email address for subscribers to an invalid email.

B. Change reminder email to daily or disabled.

C. Disable the alert.

D. Delete the alert.

Browse 116 Q&As
Questions 5

Which action is only available for the "Performs any operation" and "Performs any API Operation" operation attempts?

A. Bypass

B. Allow and Log

C. Runs or is Running

D. Allow

Questions 6

An incorrectly constructed watchlist generates 10,000 incorrect alerts.

How should an administrator resolve this issue?

A. Delete the watchlist to automatically clear the alerts, and then create a new watchlist with the correct criteria.

B. From the Triage Alerts Page, use the facets to select the watchlist, click the Wrench button to "Mark all as Resolved False Positive", and then update the watchlist with the correct criteria.

C. Update the Triage Alerts Page to show 200 alerts, click the Select All Checkbox, click the "Dismiss Alert(s)" button for each page, and then update the watchlist with the correct criteria.

D. From the Watchlists Page, select the offending watchlist, click "Clear Alerts" from the Action menu, and then update the watchlist with the correct criteria.

Questions 7

An Endpoint Standard analyst runs the query in the graphic below:

Which three statements are true from the results shown? (Choose three.)

A. The process is a PowerShell process running a script with a .ps1 extension.

B. The process has a threat score greater than 4.

C. The process made a network connection to another system.

D. The process had a NOT_LISTED reputation at the time the event occurred.

E. The process was run under the NT_AUTHORITY\SYSTEM user context.

F. The process was able to inject code into another process.

Questions 8

Which statement is true when searching through the EDR server UI?

A. The backslash \ is the character to escape characters.

B. Whitespaces between search terms imply the OR operator.

C. The percent symbol % is the character to represent a wildcard.

D. The exclamation point ! is the character to represent negation.

Questions 9

An administrator ran the following query.

SELECT name, VERSION, install_location, install_source, publisher, install_date, uninstall_string FROM programs WHERE publisher = "Microsoft Corporation";

The administrator notices a lot of installed programs are not returned.

How can the administrator alter the query to see all results?

A. Edit the WHERE clause to remove the quotes

B. Remove the WHERE clause

C. Replace the = with LIKE

D. Change the WHERE clause to = "*"

Questions 10

An Endpoint Standard administrator is working with an IT team to explicitly permit specific applications from the environment using both the IT Tools and Certs Approved List features.

Once applied, which reputation would these applications be classified under for processing?

A. Trusted White

B. Company White

C. Local White

D. Common White

Questions 11

Review the following search:

childproc_name:"rundll32.exe" AND -digsig_result:"Signed" AND path:c:\windows\*

What is this search looking for?

A. Processes being launched by rundll32.exe running out of the windows directory that are not signed

B. Instances of rundll32.exe running out of the windows directory that are not signed

C. Instances of rundll32.exe running out of the windows directory that are signed

D. Processes launching rundll32.exe running out of the windows directory that are not signed

Questions 12

In which two ways can the tamper protection on an App Control agent be disabled when diagnosing agent issues or removing the agent? (Choose two.)

A. From the Computer Details page on the web console

B. From the Files on Computers page on the web console

C. Run authenticated DasCLI on Windows command prompt

D. Run RepCLI on Windows command prompt

E. From the File Catalog page on the web console

Questions 13

Which statement should be used when constructing queries in Carbon Black Audit and Remediation, Live Query?

A. ALTER

B. UPDATE

C. REMOVE

D. SELECT

Exam Code: 5V0-91.20
Exam Name: VMware Carbon Black Portfolio Skills
Last Update:
Questions: 116 Q&As
