1. Home
  2. VMware
  3. 5V0-91.20

VMware 5V0-91.20 Online Practice Questions and Exam Preparation

5V0-91.20 Exam Details

  • Exam Code
    :5V0-91.20
  • Exam Name
    :VMware Carbon Black Portfolio Skills
  • Certification
    :VMware Certifications
  • Vendor
    :VMware
  • Total Questions
    :116 Q&As
  • Last Updated
    :May 28, 2026

VMware 5V0-91.20 Online Questions & Answers

  • Question 91:

    A process wrote an executable file as detailed in the following event:

    Which rule type should be used to ensure that files of the same name and path, written by that process in the future, will not be blocked when they execute?

    A. Trusted Path
    B. File Creation Control
    C. Advances (Write-Ignore)
    D. Trusted Publisher

  • Question 92:

    Given an event rule: Approve nVidia Drivers, changes the local state to Approved for file writes or execution blocks when the publisher is NVIDIA Corporation. How is an alert created that is triggered whenever an nVidia driver is approved by the event rule?

    A. Add a new Alert of type Event Alert. Set Subtype to New unapproved file to computer and Execution block (unapproved file) and Publisher to NVIDIA Corporation. Click Create and add email recipients.
    B. Click Create Alert on the event rule Approve nVidia Drivers details page. Click Create and add email recipients. Create and Exit.
    C. Click Create Alert on the event rule Approve nVidia Drivers details page. Add email recipients. Create and Exit.
    D. Create a custom rule name Approve nVidia that approves writes or blocks when the publisher is NVIDIA Corporation. Create an alert for rule name Approve nVidia. Click Create and add email recipients.

  • Question 93:

    An administrator is troubleshooting App Control agent issues. When navigating to the Computer Details page, the administrator sees the following:

    What is the status of the WINDOWS-CLIENT agent?

    A. Connected and Up to date
    B. Disconnected and Up to date
    C. Connected but unsupported
    D. Connected but health check failed

  • Question 94:

    Given the following query:

    SELECT hostname, cpu_type, cpu_brand, cpu_physical_cores, cpu_logical_cores, cpu_microcode, (1.0 * physical_memory / (1000*1000*1000)) AS physical_mem_gb, hardware_vendor, hardware_model, hardware_version, hardware_serial

    FROM system_info;

    Which statement Is correct?

    A. This query combines data from several different tables.
    B. This query customizes the results returned by the system.
    C. This query is missing a filter option.
    D. This query shows data from the physical_mem_gb column.

  • Question 95:

    There is a requirement to block ransomware when a sensor is offline. Which blocking and isolation rule fulfills this requirement?

    A. Known Malware --> Performs ransomware-like behavior --> Terminate process
    B. Not Listed Application --> Performs ransomware-like behavior --> Deny operation
    C. Suspect Malware --> Performs ransomware-like behavior --> Deny operation
    D. Unknown Application --> Performs ransomware-like behavior --> Terminate process

  • Question 96:

    Which statement is true about configuring VMware Carbon Black Application Control for use on non-persistent virtual machines (VM's)?

    A. The endpoint housing the agent template must always be on/running except when updating the image.
    B. The gold image housing the agent template must be digitally signed to ensure the integrity of the agent cache.
    C. The endpoint housing the agent template must always be off except when updating the image.
    D. The agent running on the template machine must not be initialized before deploying clones.

  • Question 97:

    Why would a sensor have a status of "Inactive"?

    A. The sensor has not checked in within the last 30 days.
    B. The sensor has been uninstalled from the endpoint for more than 30 days.
    C. The device has been put in bypass for the last 30 days.
    D. The sensor has been in disabled mode for more than 30 days.

  • Question 98:

    Which Sensor Status under Endpoint Health indicates that a system's policy enforcement is disabled, and the sensor is not sending security event data to the cloud?

    A. Quarantined
    B. Deregistered
    C. Inactive
    D. Bypass

  • Question 99:

    Which ID in Endpoint Standard is associated with one specific action, involves up to three different hashes (Parent, Process, Target), and occurs on a single device at a specific time?

    A. Threat ID
    B. Process ID
    C. Alert ID
    D. Event ID

  • Question 100:

    An analyst is investigating an alert within the Enterprise EDR console and needs to take action on it. Which three actions are available to take on the alert? (Choose three.)

    A. Ignore alert
    B. Dismiss
    C. Dismiss on all devices if grouping is enabled
    D. Edit watchlist
    E. Save report
    F. Notifications history

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only VMware exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 5V0-91.20 exam preparations and VMware certification application, do not hesitate to visit our Vcedump.com to find your solutions here.