VMware Related Exams
5V0-93.22 Exam
An administrator has configured a terminate rule to prevent an application from running. The administrator wants to confirm that the new rule would have prevented a previous execution that had been observed.
Which feature should the administrator leverage for this purpose?
An organization has the following requirements for allowing application.exe:
Must not work for any user's D:\ drive
Must allow running only from inside of the user's Temp\Allowed directory
Must not allow running from anywhere outside of Temp\Allowed
For example, on one user's machine, the path is C:\Users\Lorie\Temp\Allowed\application.exe.
Which path meets this criteria using wildcards?
An administrator needs to find all events on the Investigate page where the process is svchost.exe, and the path is not the standard path of C:\Windows\System32.
Which advanced search will yield these results?