To make sure all files are scanned locally upon execution, the administrator needs to set the On-Access File Scan Mode to Aggressive. This setting will scan all files on execute, regardless of whether they are new or pre-existing on the device. The assigned reputation and policy rules will apply to the scanned files. The other options are incorrect because they are not necessary to complete this task. Option B is incorrect because the Signature Update frequency is not related to the local scanning of files upon execution. It is related to how often the sensor checks in for signature pack updates. Option C is incorrect because the Allow Signature Updates is not related to the local scanning of files upon execution. It is related to enabling or disabling signature updates for the scanner. Option D is incorrect because the Run Background Scan is not related to the local scanning of files upon execution. It is related to enabling or disabling a one-time background scan on any endpoint sensorassigned to a policy. References: Configure Local Scan Settings, Endpoint Standard: How To Configure Local AV Scan
Question # 18
What is a security benefit of VMware Carbon Black Cloud Endpoint Standard?
A.
Events and alerts are tagged with Carbon Black TTPs to provide context around attacks.
B.
Firewall rule configuration are provided in the environment.
C.
Data leakage protection (DLP) is enforced on endpoints or subsets of endpoints.
D.
Customized threat feeds can be combined with other outside threat intelligence sources.
VMware Carbon Black Cloud Endpoint Standard is a next-generation antivirus (NGAV) and behavioral endpoint detection and response (EDR) solution that protects against the full spectrum of modern cyber-attacks. It uses the VMware Carbon Black Cloud’s universal agent and console, the solution applies behavioral analytics to endpoint events to streamline detection, prevention, and response to cyber-attacks. One of the security benefits of Endpoint Standard is that it tags events and alerts with Carbon Black TTPs (tactics, techniques, and procedures) to provide context around attacks. Carbon Black TTPs are based on the MITRE ATT&CK framework, which is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. By tagging events and alerts with Carbon Black TTPs, Endpoint Standard helps security teams to understand the nature and scope of the attack, prioritize the most critical threats, and take appropriate actions to remediate them. References: Carbon Black Cloud Endpoint Standard - Technical Overview, VMware Carbon Black Cloud Endpoint Standard Datasheet, MITRE ATT&CK