VMware Security Specialist (2022) — Question 3
Is it possible to search for unsigned files in the console?
Answer options
- A. Yes, by using the search: NOT process_publisher_state:FILE_SIGNATURE_STATE_SIGNED
- B. No, it is not possible to return a query for unsigned files.
- C. Yes, by using the search: process_publisher_state:FILE_SIGNATURE_STATE_UNSIGNED
- D. Yes, by looking at signed and unsigned executables in the environment and seeing if another difference can be found, thus locating unsigned files in the environment.
Correct answer: C
Explanation
The correct answer is C because it provides the search query that identifies unsigned files directly. Option A is incorrect as it searches for signed files instead. Option B is incorrect because it states that querying is impossible, which is not true. Option D suggests a method for identification but does not provide a direct search query for the console.