An administrator needs to check configurations using Audit across several policies and locations
within the organization.
How can the administrator run the query against only these specific devices?
A process wrote an executable file as detailed in the following event:
Which rule type should be used to ensure that files of the same name and path, written by that
process in the future, will not be blocked when they execute?
Which enforcement level does not block unapproved files but will block files that have been
A. Medium Enforcement
D. Low Enforcement
The protection level applied to computers running the App Control
Agent. A range of levels from High (Block Unapproved) to None
(Disabled) enable you to specify the level of file blocking required.
An administrator has updated a Threat Intelligence Report by turning it into a watchlist and needs to
disable (Ignore) the old Threat Intelligence Report.
Where in the UI is this action not possible to perform?
An analyst navigates to the alerts page in Endpoint Standard and sees the following:
What does the yellow color represent on the left side of the row?
An administrator is concerned that someone may be using unauthorized commands from cmd.exe.
These commands are not considered suspicious or malicious, and there is no policy based around
Which page should the administrator use to find these commands?
An analyst has investigated multiple alerts on a number of HR workstations and found that java.exe is
attempting to PowerShell. Of the Windows workstations in question, the analyst has also found that
Java is installed in multiple locations. The analyst needs to block java.exe from this type of operation.
Which rule meets this need?
Review the following query:
path:c:\program\ files\ \(x86\)\microsoft
How would this query input term be interpreted?
Which statement filters data to only return rows where the publisher of the software includes
VMware anywhere in the name?
An administrator ran the following query.
SELECT name, VERSION, install_location, install_source, publisher, install_date, uninstall_string
FROM programs WHERE publisher = "Microsoft Corporation";
The administrator notices a lot of installed programs are not returned.
How can the administrator alter the query to see all results?