VMware Security Specialist (2022) — Question 6

An administrator wants to be notified when particular Tactics, Techniques, or Procedures (TTPs) are observed on a managed endpoint.
Which notification option must the administrator configure to receive this notification?

Answer options

• A. Alert that crosses a threshold with the "observed" option selected
• B. Alert that includes specific TTPs
• C. Alert for a Watchlist hit
• D. Policy action that is enforced with the "deny" opt ion selected

Correct answer: C

Explanation

The correct answer is C because alerts for Watchlist hits specifically notify administrators when defined TTPs are detected. Option A does not guarantee the detection of specific TTPs, option B may not trigger if TTPs are not part of a Watchlist, and option D is focused on denying access rather than notifying on TTPs.