VMware Exam 5V0-93.22 Topic 1 Question 13 Discussion

Actual exam question for VMware's 5V0-93.22 exam

Question #: 13
Topic #: 1

An administrator wants to prevent malicious code that has not been seen before from retrieving credentials from the Local Security Authority Subsystem Service, without causing otherwise good applications from being blocked.

Which rule should be used?

A[Unknown application] [Retrieves credentials] [Terminate process]

B[**/*.exe] [Scrapes memory of another process] [Terminate process]

C[**\lsass.exe] [Scrapes memory of another process] [Deny operation]

D[Not listed application] [Scrapes memory of another process] [Terminate process]

Show Suggested Answer

Suggested Answer: A, E, F

by Carey at Apr 20, 2024, 03:12 PM

Limited Time Offer

25%

Off

Get Premium 5V0-93.22 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Meghann

8 hours ago

Because it specifically targets lsass.exe, which is where credentials are stored.

upvoted 0 times

...

Bev

2 days ago

Why do you think that?

upvoted 0 times

...

Meghann

3 days ago

I think the answer is C.

upvoted 0 times

...