VMware Carbon Black Cloud Endpoint Standard Skills 5V0-93.22 Question # 6 Topic 1 Discussion
5V0-93.22 Exam Topic 1 Question 6 Discussion:
Question #: 6
Topic #: 1
A company wants to prevent an executable from running in their organization. The current reputation for the file is NOT LISTED, and the machines are in the default standard policy.
Which action should be taken to prevent the file from executing?
The company banned list is a feature of VMware Carbon Black Cloud Endpoint Standard that allows administrators to prevent specific files from running on the endpoints by their hash values. The company banned list has a higher priority than the file reputation, so even if the file is not listed or unknown by Carbon Black, it will be blocked if its hash is in the company banned list. Adding the hash to the company banned list is the most effective and efficient way to prevent the file from executing on the endpoints.

The other options are either not feasible or not scalable. Adding the hash to the malware list would not work, because the malware list is a global list maintained by Carbon Black, and administrators cannot add hashes to it. Using Live Response to kill the process or delete the file would only work for one endpoint at a time, and it would not prevent the file from running again if it is still present on the endpoint or downloaded from another source.

References: Carbon Black Cloud Endpoint Standard - Technical Overview; Add Hash to Banned List; Carbon Black Cloud: How to Add a SHA256 Hash to Approved/Banned List