5V0-92.22
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

5V0-92.22 VMware/Broadcom Coming Soon

CB EDR Specialist (5V0-92.22)

The course teaches specialists how to design, analyze, and operationalize VMware Carbon Black Cloud Enterprise EDR, covering architecture, investigations, custom detections, threat hunting, and response strategies.

Minutes: 135
Questions: 60
Passing Score: 300/500
Exam Cost: $250

Who Should Take This

It is intended for security analysts, incident responders, and threat‑hunting engineers with at least two years of experience in endpoint detection and response who aim to deepen their expertise in VMware Carbon Black Cloud. Participants seek to master advanced investigation techniques, create custom detection rules, and develop proactive response playbooks.

What's Covered

Domain 1: EDR Architecture
Domain 2: Investigation
Domain 3: Custom Detections
Domain 4: Threat Hunting
Domain 5: Response
Domain 6: Integration
Domain 7: Operations

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

70 learning goals
Domain 1: EDR Architecture
2 topics

Enterprise EDR

  • Apply CB Cloud Enterprise EDR architecture including data collection, cloud analytics, and response capabilities configuration and operational procedures for enterprise VMware environments.
  • Apply CB Cloud Enterprise EDR architecture including data collection, cloud analytics, and response capabilities best practices including deployment standards and integration with related components.
  • Analyze CB Cloud Enterprise EDR architecture including data collection, cloud analytics, and response capabilities configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze CB Cloud Enterprise EDR architecture including data collection, cloud analytics, and response capabilities tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design a CB Cloud Enterprise EDR architecture including data collection, cloud analytics, and response capabilities strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

Data Model

  • Apply CB Cloud event data model including process, network, file, registry, and cross-process events techniques for complex scenarios requiring multi-component coordination and integration.
  • Apply CB Cloud event data model including process, network, file, registry, and cross-process events integration with monitoring, automation, and third-party systems for unified management.
  • Analyze CB Cloud event data model including process, network, file, registry, and cross-process events failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of CB Cloud event data model including process, network, file, registry, and cross-process events changes on dependent services and infrastructure stability.
  • Design comprehensive CB Cloud event data model including process, network, file, registry, and cross-process events procedures including automation, monitoring, escalation, and documentation.
Domain 2: Investigation
2 topics

Process Analysis

  • Apply advanced process investigation including execution chains, parent-child relationships, and behavioral patterns configuration and operational procedures for enterprise VMware environments.
  • Apply advanced process investigation including execution chains, parent-child relationships, and behavioral patterns best practices including deployment standards and integration with related components.
  • Analyze advanced process investigation including execution chains, parent-child relationships, and behavioral patterns configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze advanced process investigation including execution chains, parent-child relationships, and behavioral patterns tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design an advanced process investigation including execution chains, parent-child relationships, and behavioral patterns strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

Network Analysis

  • Apply network event investigation including connection mapping, DNS queries, and C2 detection techniques for complex scenarios requiring multi-component coordination and integration.
  • Apply network event investigation including connection mapping, DNS queries, and C2 detection integration with monitoring, automation, and third-party systems for unified management.
  • Analyze network event investigation including connection mapping, DNS queries, and C2 detection failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of network event investigation including connection mapping, DNS queries, and C2 detection changes on dependent services and infrastructure stability.
  • Design comprehensive network event investigation including connection mapping, DNS queries, and C2 detection procedures including automation, monitoring, escalation, and documentation.
Domain 3: Custom Detections
2 topics

Watchlist Rules

  • Apply custom watchlist creation with IOC feeds, query-based rules, and report-based detections configuration and operational procedures for enterprise VMware environments.
  • Apply custom watchlist creation with IOC feeds, query-based rules, and report-based detections best practices including deployment standards and integration with related components.
  • Analyze custom watchlist creation with IOC feeds, query-based rules, and report-based detections configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze custom watchlist creation with IOC feeds, query-based rules, and report-based detections tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design a custom watchlist creation with IOC feeds, query-based rules, and report-based detections strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

Detection Tuning

  • Apply detection tuning for false positive reduction, severity calibration, and alert quality improvement techniques for complex scenarios requiring multi-component coordination and integration.
  • Apply detection tuning for false positive reduction, severity calibration, and alert quality improvement integration with monitoring, automation, and third-party systems for unified management.
  • Analyze detection tuning for false positive reduction, severity calibration, and alert quality improvement failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of detection tuning for false positive reduction, severity calibration, and alert quality improvement changes on dependent services and infrastructure stability.
  • Design comprehensive detection tuning for false positive reduction, severity calibration, and alert quality improvement procedures including automation, monitoring, escalation, and documentation.
Domain 4: Threat Hunting
2 topics

Hunt Queries

  • Apply advanced threat hunting query development using process, network, and file event criteria configuration and operational procedures for enterprise VMware environments.
  • Apply advanced threat hunting query development using process, network, and file event criteria best practices including deployment standards and integration with related components.
  • Analyze advanced threat hunting query development using process, network, and file event criteria configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze advanced threat hunting query development using process, network, and file event criteria tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design an advanced threat hunting query development using process, network, and file event criteria strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

Hunt Methodology

  • Apply structured threat hunting methodology using hypothesis, MITRE ATT&CK, and intelligence-driven approaches techniques for complex scenarios requiring multi-component coordination and integration.
  • Apply structured threat hunting methodology using hypothesis, MITRE ATT&CK, and intelligence-driven approaches integration with monitoring, automation, and third-party systems for unified management.
  • Analyze structured threat hunting methodology using hypothesis, MITRE ATT&CK, and intelligence-driven approaches failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of structured threat hunting methodology using hypothesis, MITRE ATT&CK, and intelligence-driven approaches changes on dependent services and infrastructure stability.
  • Design comprehensive structured threat hunting methodology using hypothesis, MITRE ATT&CK, and intelligence-driven approaches procedures including automation, monitoring, escalation, and documentation.
Domain 5: Response
2 topics

Live Response

  • Apply Live Response advanced usage including script execution, file collection, memory analysis, and quarantine configuration and operational procedures for enterprise VMware environments.
  • Apply Live Response advanced usage including script execution, file collection, memory analysis, and quarantine best practices including deployment standards and integration with related components.
  • Analyze Live Response advanced usage including script execution, file collection, memory analysis, and quarantine configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze Live Response advanced usage including script execution, file collection, memory analysis, and quarantine tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design a Live Response advanced usage including script execution, file collection, memory analysis, and quarantine strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

Automated Response

  • Apply automated response workflow design using API-triggered actions for containment and remediation techniques for complex scenarios requiring multi-component coordination and integration.
  • Apply automated response workflow design using API-triggered actions for containment and remediation integration with monitoring, automation, and third-party systems for unified management.
  • Analyze automated response workflow design using API-triggered actions for containment and remediation failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of automated response workflow design using API-triggered actions for containment and remediation changes on dependent services and infrastructure stability.
  • Design comprehensive automated response workflow design using API-triggered actions for containment and remediation procedures including automation, monitoring, escalation, and documentation.
Domain 6: Integration
2 topics

SIEM Integration

  • Apply Enterprise EDR SIEM integration with Splunk, QRadar, and Sentinel for centralized correlation configuration and operational procedures for enterprise VMware environments.
  • Apply Enterprise EDR SIEM integration with Splunk, QRadar, and Sentinel for centralized correlation best practices including deployment standards and integration with related components.
  • Analyze Enterprise EDR SIEM integration with Splunk, QRadar, and Sentinel for centralized correlation configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze Enterprise EDR SIEM integration with Splunk, QRadar, and Sentinel for centralized correlation tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design an Enterprise EDR SIEM integration with Splunk, QRadar, and Sentinel for centralized correlation strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

API Automation

  • Apply CB Cloud API automation for bulk operations, data enrichment, and SOC workflow integration techniques for complex scenarios requiring multi-component coordination and integration.
  • Integrate CB Cloud API automation for bulk operations, data enrichment, and SOC workflow integration with monitoring, automation, and third-party systems for unified management.
  • Analyze CB Cloud API automation for bulk operations, data enrichment, and SOC workflow integration failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of CB Cloud API automation for bulk operations, data enrichment, and SOC workflow integration changes on dependent services and infrastructure stability.
  • Design comprehensive CB Cloud API automation for bulk operations, data enrichment, and SOC workflow integration procedures including automation, monitoring, escalation, and documentation.
Domain 7: Operations
2 topics

Alert Management

  • Apply alert management workflow design including triage procedures, escalation criteria, and resolution tracking configuration and operational procedures for enterprise VMware environments.
  • Apply alert management workflow design including triage procedures, escalation criteria, and resolution tracking best practices including deployment standards and integration with related components.
  • Analyze alert management workflow design including triage procedures, escalation criteria, and resolution tracking configuration and data to identify issues, performance bottlenecks, and optimization opportunities.
  • Analyze alert management workflow design including triage procedures, escalation criteria, and resolution tracking tradeoffs between different implementation approaches evaluating complexity, cost, and operational impact.
  • Design an alert management workflow design including triage procedures, escalation criteria, and resolution tracking strategy that satisfies enterprise requirements for scalability, performance, security, and governance.

Reporting

  • Apply EDR reporting and metrics including detection coverage, MTTD, MTTR, and investigation quality techniques for complex scenarios requiring multi-component coordination and integration.
  • Apply EDR reporting and metrics including detection coverage, MTTD, MTTR, and investigation quality integration with monitoring, automation, and third-party systems for unified management.
  • Analyze EDR reporting and metrics including detection coverage, MTTD, MTTR, and investigation quality failures and degradation using diagnostic tools, logs, and metrics to determine root causes.
  • Analyze the operational impact of EDR reporting and metrics including detection coverage, MTTD, MTTR, and investigation quality changes on dependent services and infrastructure stability.
  • Design comprehensive EDR reporting and metrics including detection coverage, MTTD, MTTR, and investigation quality procedures including automation, monitoring, escalation, and documentation.

Scope

Included Topics

  • Carbon Black Cloud Enterprise EDR advanced investigation, custom detections, threat hunting, watchlists, binary analysis, Live Response, API automation, and SIEM integration.
  • Enterprise-level VMware technology knowledge for VMware Carbon Black Cloud Enterprise EDR Specialist.

Not Covered

  • Implementation details beyond stated certification scope.
  • Vendor-specific third-party configurations.
  • Current pricing and partner program details.

Official Exam Page

Learn more at VMware/Broadcom


Trademark Notice

VMware® and all VMware certification names are registered trademarks of VMware, Inc. (a subsidiary of Broadcom). VMware does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.