Palo Alto Networks PSE Cortex Palo Alto Networks System Engineer – Cortex Professional Online Training
Palo Alto Networks PSE Cortex Online Training
The questions for PSE Cortex were last updated on Nov 19, 2024.
- Exam Code: PSE Cortex
- Exam Name: Palo Alto Networks System Engineer - Cortex Professional
- Certification Provider: Palo Alto Networks
- Latest update: Nov 19, 2024
A Cortex XSOAR customer wants to ingest from a single mailbox. The mailbox brings in reported phishing emails and email requests from human resources (HR) to onboard new users. The customer wants to run two separate workflows from this mailbox, one for phishing and one for onboarding.
What will allow Cortex XSOAR to accomplish this in the most efficient way?
a. Use machine learning (ML) to determine incident type
b. Create two instances of the email integration and classify one instance as ingesting incidents of type phishing and the other as ingesting incidents of type boarding
c. Use an incident classifier based on a field in each type of email to classify those containing “Phish Alert” in the subject as phishing and those containing “Onboard Request” as onboarding
d. Create a playbook to process and determine incident type based on content of the email
What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?
a. Restrictions security profile
b. Cloud identity engine (CIE)
c. Endpoint groups
d. role-based access control (RBAC)
What integration allows searching and displaying Splunk results within Cortex XSOAR?
a. Demisto App for Splunk integration
b. SplunkPY integration
c. Splunk integration
d. XSOAR REST API integration
How can Cortex XSOAR save time when a phishing incident occurs?
a. It can automatically identify every mailbox that received the phish and create corresponding cases for them
b. It can automatically email staff to warn them about the phishing attack and show them a copy of the email
c. It can automatically purge the email from user mailboxes in which it has not yet been opened
d. It can automatically respond to the phishing email to unsubscribe from future emails
Which two types of Indicators of compromise (IOCs) are available for creation in Cortex XDR?
a. Internet Protocol (IP)
b. Endpoint hostname
c. registry entry
d. domain
Which command is used to add Cortex XSOAR “User1” to an investigation from the War Room?
a. #Invite User1
b. @User1
c. #User1
d. !Invite User1
Which component displays an entire picture of an attack, including the root cause or delivery point?
a. Cortex XSOAR Work Plan
b. Cortex Data Lake
c. Cortex XDR Causality View
d. Cortex SOC Orchestrator
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)
a. registry set value
b. firewall alerts
c. security and information event management (SIEM)
d. full uniform resource locator (URL)
A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site.
What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?
a. The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site
b. All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy
c. Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site
d. The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site
A customer agrees to do a 30-day proof of concept (POC) and wants to integrate with a product with which Cortex XSOAR is not currently integrated.
What is the appropriate response to the customer?
a. Extend the POC window to allow the solution architects to build it
b. Explain that custom integrations are not included in the POC
c. Explain that it can be built by Professional Services, but it will take an additional 30 days
d. Agree to build the integration as part of the POC