5V0-93.22 Exam Dumps : VMware Carbon Black Cloud Endpoint Standard Skills

• The connectivity that is required for VMware Carbon Black Cloud Endpoint Standard to perform Sensor Certificate Validation is TCP/443 to GoDaddy OCSP and CRL URLs (crl.godaddy.com and ocsp.godaddy.com). Sensor Certificate Validation is a feature that allows the Carbon Black Cloud agent to verify the authenticity and validity of the certificates used by the Carbon Black Cloud services. This feature enhances the security and trust of the communication between the agent and the cloud. To perform Sensor Certificate Validation, the agent needs to access the Online Certificate Status Protocol (OCSP) and Certificate Revocation List (CRL) services provided by GoDaddy, the certificate authority that issues the certificates for Carbon Black Cloud. These services use the HTTPS protocol, which runs on port 443. Therefore, the agent needs to have TCP/443 connectivity to the GoDaddy OCSP and CRL URLs, which are crl.godaddy.com and ocsp.godaddy.com12.
• The other options are incorrect because they do not specify the correct protocol, port, or URLs for Sensor Certificate Validation. TCP/80 is the port for HTTP, not HTTPS, and it is not used by the OCSP and CRL services. GoDaddy CRL URL is only one of the two URLs that the agent needs to access, the other one is GoDaddy OCSP URL. References:
• VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Module 1: Introduction, page 1-8.
• VMware Carbon Black Cloud Endpoint Standard User Guide, Chapter 2: Sensor Installation, page 17.

When an administrator dismisses a group of alerts and ticks the box for “Dismiss future instances of this alert on all devices in all policies”, the following happens:

• The alerts are moved to the Dismissed tab on the Alerts page, and the alert count is reduced accordingly.
• The alerts are no longer displayed on the Dashboard or the Device page.
• The alerts are no longer considered for the device health score or the policy health score.
• The alerts are no longer sent to any configured Notifications.

Therefore, if a new alert is added to the same group of alerts, it will also be dismissed automatically and follow the same rules as above. This means that the alert will show when the Dismissed filter is selected on Alerts page, but a Notification email will not be sent. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 6.2: Dismissing Alerts, Page 46.

The correct statement regarding Blocking/Isolation rules and Permission rules is D. Blocking & Isolation rules are overridden by Permission Rules. This means that if a file or process matches both a Blocking/Isolation rule and a Permission rule, the action specified by the Permission rule will take precedence over the action specified by the Blocking/Isolation rule. For example, if a file has a reputation of SUSPECT_MALWARE and a Blocking/Isolation rule is set to terminate any SUSPECT_MALWARE file that runs, but a Permission rule is set to allow and log any file that runs from a specific path, the file will be allowed and logged if it runs from that path, regardless of its reputation. Permission rules are useful for tuning the behavior of VMware Carbon Black Cloud Endpoint Standard and preventing false positives or unnecessary blocks1.

The other statements are false or irrelevant. Blocking & Isolation rules are not overridden by Upload Rules. Upload Rules are rules that specify which files and metadata are uploaded to the Carbon Black Cloud for analysis and reputation. Upload Rules do not affect the prevention or detection capabilities of VMware Carbon Black Cloud Endpoint Standard2. Permission Rules are not overridden by Blocking & Isolation rules. As explained above, Permission Rules have a higher priority than Blocking & Isolation rules and can override their actions. Upload Rules are not overridden by Blocking & Isolation rules. Upload Rules and Blocking & Isolation rules are independent of each other and do not affect each other’s functionality. References:

• Prevention Policy Settings - VMware Docs, Permissions section, Action subsection.
• Upload Rules - VMware Docs, Overview section.