Palo Alto Networks PSE Cortex: Palo Alto Networks System Engineer – Cortex Professional Online Training
The questions for PSE Cortex were last updated on Nov 22, 2024.
- Exam Code: PSE Cortex
- Exam Name: Palo Alto Networks System Engineer - Cortex Professional
- Certification Provider: Palo Alto Networks
- Latest update: Nov 22, 2024
Which service helps uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources?
a. Cloud Identity Engine (CIE)
b. Threat Intelligence Platform (TIP)
c. Virtual desktop infrastructure (VDI)
d. Managed Threat Hunting (MTH)
What is the result of creating an exception from an exploit security event?
a. Triggered exploit protection module (EPM) for the host and process involved is disabled
b. User is exempt from generating events for 24 hours
c. Process from WildFire analysis is whitelisted
d. Administrators are exempt from generating alerts for 24 hours
Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?
a. Have XSOAR automatically add the IP address to a deny rule in the firewall
b. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts
c. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall
d. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP
What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?
a. 10 TB
b. 1 TB
c. 100 GB
d. 10 GB
Cortex XDR external data ingestion processes ingest data from which sources?
a. Windows event logs only
b. Windows event logs, syslogs, and custom external sources
c. Windows event logs and syslogs only
d. Syslogs only
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
a. Adversary’s remote process
b. Chain’s alert initiator
c. Causality group owner
d. Relevant shell
How do sub-playbooks affect the incident Context Data?
a. When set to global, sub-playbook tasks do not have access to the root context
b. When set to private, task outputs do not automatically get written to the root context
c. When set to global, parallel task execution is allowed
d. When set to private, task outputs are automatically written to the root context
An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network.
What Cortex XDR Analytics alert will this activity most likely trigger?
a. Uncommon local scheduled task creation
b. Malware
c. New administrative behavior
d. DNS Tunneling
Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR?
a. Registry
b. Hostname
c. Hash
d. File path
Which attack method is a result of techniques designed to gain access through vulnerabilities in the code of an operating system (OS) or application?
a. Malware
b. Exploit
c. Ransomware
d. Phishing