Security Associate (1V0-91.22), VMware/Broadcom

Status: Coming Soon. This course is in active development; the expected availability date has not yet been announced. Preview the scope below.

The exam validates proficiency in VMware security fundamentals, Carbon Black Cloud, endpoint prevention, detection and response, and threat hunting, ensuring candidates can implement and manage core security controls in virtualized environments.

  • Duration: 135 minutes
  • Questions: 51
  • Passing score: 300 (scale of 500)
  • Exam cost: $250

Who Should Take This

IT professionals, system administrators, and security analysts who work with VMware infrastructures and have foundational knowledge of networking and operating systems should pursue this certification. It targets individuals seeking to demonstrate practical expertise in deploying and maintaining VMware security solutions, and to advance toward senior security engineering roles.

What's Covered

  • Domain 1: Security Fundamentals
  • Domain 2: Carbon Black Cloud Platform
  • Domain 3: Endpoint Prevention
  • Domain 4: Detection and Response
  • Domain 5: Threat Hunting and Integration
  • Domain 6: VMware Security Ecosystem
  • Domain 7: Incident Response and Compliance

What's Included in AccelaStudy® AI

  • Adaptive Knowledge Graph
  • Practice Questions
  • Lesson Modules
  • Console Simulator Labs
  • Exam Tips & Strategy
  • 20 Activity Formats

Course Outline

60 learning goals

Domain 1: Security Fundamentals (2 topics)

Threat Landscape

  • Identify cyber threat categories: malware, ransomware, fileless attacks, phishing, supply chain compromise, and advanced persistent threats.
  • Describe the cyber kill chain phases and identify detection and disruption opportunities at each stage of an attack.
  • Explain how the MITRE ATT&CK framework organizes adversary tactics, techniques, and procedures for structured threat detection and analysis.
  • Analyze a security incident by mapping observed indicators to MITRE ATT&CK techniques to determine the attack stage and recommend a response.

Security Architecture

  • Identify defense-in-depth principles: network segmentation, endpoint protection, identity management, data encryption, and security monitoring.
  • Describe zero-trust architecture tenets: verify explicitly, least-privilege access, and assume breach across all access decisions.
  • Explain VMware zero-trust implementation through NSX micro-segmentation, Carbon Black endpoint protection, and Workspace ONE conditional access.
  • Analyze a security architecture and identify missing defense-in-depth layers across network, endpoint, identity, and data protection.

Domain 2: Carbon Black Cloud Platform (2 topics)

Architecture

  • Identify CB Cloud components: cloud console, endpoint sensors, cloud analytics engine, threat intelligence feeds, and reputation service.
  • Describe how sensors collect process, network, file, and registry telemetry from endpoints for cloud-based behavioral analysis.
  • Explain how the analytics engine processes telemetry through behavioral models, reputation lookups, and ML classifiers to detect threats.
  • Analyze CB Cloud data flow from sensor through cloud processing to alert generation, identifying potential failure points.

Sensor Deployment

  • Identify sensor deployment methods: direct MSI/PKG install, GPO, SCCM, Workspace ONE, and Intune distribution.
  • Describe sensor configuration: sensor groups, auto-update policies, proxy settings, kernel bypass rules, and OS-specific settings.
  • Explain how sensor groups segment endpoints by department, risk level, or OS type for differentiated detection and prevention policies.
  • Configure a phased sensor deployment plan addressing servers, workstations, and VDI with appropriate group-specific policies.
  • Analyze a sensor deployment issue (check-in failure, high CPU, exclusion conflicts) and determine troubleshooting steps.

Domain 3: Endpoint Prevention (2 topics)

NGAV

  • Identify NGAV capabilities: signature-less detection, behavioral prevention, machine learning models, and cloud reputation scoring.
  • Describe prevention rules evaluating file reputation, known malware indicators, and behavioral patterns to block malicious execution.
  • Explain configuring NGAV policy severity levels (monitor, alert, terminate, deny) to balance detection sensitivity with false positive rates.
  • Analyze a prevention policy scenario, recommending settings that minimize false positives while maintaining protection for the stated environment.

Behavioral Prevention and App Control

  • Identify behavioral categories: known malware, suspect malware, PUPs, malicious scripts, fileless attacks, and lateral movement techniques.
  • Describe App Control features: application allow-listing, ban-listing, approval workflows, and publisher trust-based execution policies.
  • Explain creating targeted allow rules, IT Tool entries, and approved hash lists to handle prevention false positives without reducing security.
  • Explain application control rules balancing security enforcement with business-critical application execution requirements.
  • Analyze a locked-down server environment and determine the appropriate NGAV and App Control policy combination.

Domain 4: Detection and Response (2 topics)

Alert Triage

  • Identify CB Cloud alert types: CB Analytics, threat intelligence watchlist, custom watchlist, and container runtime alerts with severity levels.
  • Describe the alert triage workflow: severity assessment, affected scope, process tree analysis, network indicators, and resolution actions.
  • Explain investigating alerts by examining process trees, parent-child chains, network connections, and file modifications in alert detail.
  • Analyze related alerts across multiple endpoints, determining whether they represent a coordinated attack or unrelated incidents.

EDR and Live Response

  • Identify EDR capabilities: Live Response remote shell, process timeline, file retrieval, memory dump, registry inspection, and network events.
  • Describe Live Response connecting to endpoints for real-time investigation: running commands, collecting artifacts, killing processes, and quarantining.
  • Explain using process search and event timeline to trace execution chains and identify the initial infection vector and persistence mechanisms.
  • Explain using network connection data to identify C2 communications, data exfiltration attempts, and unauthorized lateral connections.
  • Analyze an endpoint compromise using EDR data to reconstruct the attack timeline, identify entry point, and determine blast radius.

Domain 5: Threat Hunting and Integration (2 topics)

Proactive Hunting

  • Identify hunting methodologies: hypothesis-driven, indicator-based, behavioral anomaly, and intelligence-driven approaches.
  • Describe watchlists and IOC feeds enabling continuous automated monitoring for known threat indicators and adversary TTPs.
  • Explain constructing hunting queries using process name, command line, network destination, file hash, and cross-process event fields.
  • Analyze threat intelligence reports and translate adversary TTPs into actionable hunting queries and custom watchlists.

SIEM/SOAR Integration

  • Identify integration points: SIEM forwarding (Splunk, QRadar, Sentinel), SOAR (XSOAR, Phantom), REST API, and webhook notifications.
  • Describe CB Cloud API enabling automated response: device quarantine, hash banning, policy updates, and enrichment lookups.
  • Explain configuring syslog and API-based event forwarding to SIEM for centralized correlation with network and identity events.
  • Analyze a security operations scenario, recommending SIEM integration, automated response actions, and reporting configuration.

Domain 6: VMware Security Ecosystem (2 topics)

NSX and Network Security

  • Identify NSX security capabilities: distributed firewall, gateway firewall, IDS/IPS, and micro-segmentation for data center zero-trust.
  • Describe how NSX and Carbon Black share threat context enabling network-level quarantine of endpoints with detected compromises.
  • Explain combining endpoint telemetry (Carbon Black) with network visibility (NSX) for comprehensive kill chain detection coverage.
  • Analyze a data center security scenario requiring both endpoint and network protection, recommending the integrated VMware security stack.

vSphere and Infrastructure Security

  • Identify vSphere security: VM encryption, vTPM, Secure Boot, ESXi lockdown mode, VMCA certificate management, and audit logging.
  • Describe security hardening guides (STIG, CIS benchmarks) providing configuration baselines for ESXi hosts and vCenter Server.
  • Explain how Workspace ONE and Carbon Black together deliver device trust, conditional access, and endpoint threat response for digital workspaces.
  • Explain how vSphere audit logs, Carbon Black telemetry, and NSX flow logs combine for comprehensive infrastructure security visibility.
  • Analyze a security posture assessment and recommend the VMware product combination across endpoint, network, and infrastructure layers.

Domain 7: Incident Response and Compliance (2 topics)

Incident Response Process

  • Identify incident response phases: preparation, identification, containment, eradication, recovery, and lessons learned.
  • Describe how Carbon Black Cloud supports each IR phase through sensor telemetry, alert triage, Live Response containment, and forensic artifacts.
  • Explain how to create and execute a containment strategy using device quarantine, hash banning, and network isolation via NSX firewall rules.
  • Analyze a multi-stage incident and determine the appropriate containment, eradication, and recovery actions using VMware security tools.

Compliance and Reporting

  • Identify compliance frameworks relevant to endpoint security: CIS Benchmarks, NIST CSF, PCI DSS endpoint requirements, and HIPAA safeguards.
  • Describe how Carbon Black Cloud audit and remediation queries assess endpoint compliance against organizational security baselines.
  • Explain how to generate compliance reports using Carbon Black dashboards, Aria Operations compliance views, and vSphere hardening guide assessments.
  • Analyze a compliance gap assessment and recommend the appropriate remediation actions across endpoint, network, and infrastructure layers.

Scope

Included Topics

  • Security fundamentals, threat landscape, VMware Carbon Black Cloud platform, NGAV, EDR, threat hunting, NSX micro-segmentation, vSphere security, and SIEM/SOAR integration aligned to VCTA-SEC.
  • Key technologies: Carbon Black Cloud console/sensors, Live Response, watchlists, NSX distributed firewall, vSphere encryption/vTPM/Secure Boot, and Workspace ONE security.

Not Covered

  • Advanced malware analysis, reverse engineering, and forensic investigation at professional depth.
  • Carbon Black API development and SOAR playbook scripting.
  • Physical security and regulatory compliance auditing.

Official Exam Page

Learn more at VMware/Broadcom

Trademark Notice

VMware® and all VMware certification names are registered trademarks of VMware, Inc. (a subsidiary of Broadcom). VMware does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.