VMware Carbon Black Cloud Endpoint Standard Skills 5V0-93.22 Question # 13 Topic 2 Discussion

5V0-93.22 Exam Topic 2 Question 13 Discussion:

Question #: 13

Topic #: 2

A security administrator is tasked to investigate an alert about a suspicious running process trying to modify a system registry.
Which components can be checked to further inspect the cause of the alert?

Command lines. Device ID, and priority score

Event details, command lines, and TTPs involved

TTPs involved, network connections, and child path

Priority score, file reputation, and timestamp

Get Premium 5V0-93.22 Questions

Explanation

These components can provide more information about the suspicious running process and its behavior, such as:

Event details: This component shows the details of the event that triggered the alert, such as the device name, the device time, the process name, the process path, the process ID, the operation type, the operation result, the registry key, the registry value, and the registry data. The event details can help the security administrator to identify the source and the target of the registry modification attempt, and to verify if the operation was successful or not.

Command lines: This component shows the command lines that were executed by the process or its parent process, such as the arguments, the parameters, the switches, and the environment variables. The command lines can help the security administrator to understand the purpose and the context of the process execution, and to detect any malicious or anomalous commands or scripts.

TTPs involved: This component shows the tactics, techniques, and procedures (TTPs) that were involved in the event, based on the MITRE ATT&CK framework. The TTPs can help the security administrator to assess the severity and the impact of the event, and to correlate the event with other related events or indicators of compromise.

The other components are not as useful or relevant for investigating the alert. A. Device ID and priority score are components that provide general information about the device and the alert, but they do not provide specific details about the suspicious running process or its behavior. C. Network connections and child path are components that show the network activity and the child processes of the suspicious running process, but they do not show the registry modification attempt or its result. D. File reputation and timestamp are components that show the reputation and the time of the file associated with the suspicious running process, but they do not show the command lines orthe TTPs involved in the event. References: VMware Carbon Black Cloud Endpoint Standard Skills Reference Materials, Section 2.3.2: Investigate Alerts, Page 16.

Actual exam question for VMware 5V0-93.22 exam by Zane95999 at Aug 2, 2025, 12:00:00 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

VMware Carbon Black Cloud Endpoint Standard Skills 5V0-93.22 Question # 13 Topic 2 Discussion

VMware Carbon Black Cloud Endpoint Standard Skills 5V0-93.22 Question # 13 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

VMware Carbon Black Cloud Endpoint Standard Skills 5V0-93.22 Question # 13 Topic 2 Discussion

VMware Carbon Black Cloud Endpoint Standard Skills 5V0-93.22 Question # 13 Topic 2 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval