When creating a BIOC rule, which XQL query can be used?
When creating a BIOC rule, which XQL query can be used?A . dataset = xdr_data | filterevent_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"B . dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"C . dataset = xdr_data | filter action_process_image_name ~= ".*?.(?:pdf|docx).exe" |...
If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?
If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?A . Broker VM PathfinderB . Local Agent ProxyC . Local Agent Installer and Content CachingD . Broker VM Syslog CollectorView AnswerAnswer:...
Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?
Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?A . Security Manager DashboardB . Data Ingestion DashboardC . Security Admin DashboardD . Incident Management DashboardView AnswerAnswer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2021.html
Which statement best describes how Behavioral Threat Protection (BTP) works?
Which statement best describes how Behavioral Threat Protection (BTP) works?A . BTP injects into known vulnerable processes to detect malicious activity.B . BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.C . BTP matches EDR data with rules provided by Cortex XDE . BTP uses machine...
LiveTerminal uses which type of protocol to communicate with the agent on the endpoint?
LiveTerminal uses which type of protocol to communicate with the agent on the endpoint?A . NetBIOS over TCPB . WebSocketC . UDP and a random portD . TCP, over port 80View AnswerAnswer: B Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/communication-between-cortex-xdr-and-agents.html
After scan, how does file quarantine function work on an endpoint?
After scan, how does file quarantine function work on an endpoint?A . Quarantine takes ownership of the files and folders and prevents execution through access control.B . Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.C . Quarantine removes a specific file from its...
Which of the following best defines the Windows Registry as used by the Cortex XDRagent?
Which of the following best defines the Windows Registry as used by the Cortex XDRagent?A . a hierarchical database that stores settings for the operating system and for applicationsB . a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known...
When creating a scheduled report which is not an option?
When creating a scheduled report which is not an option?A . Run weekly on a certain day and time.B . Run quarterly on a certain day and time.C . Run monthly on a certain day and time.D . Run daily at a certain time (selectable hours and minutes).View AnswerAnswer: B...
What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?
While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion . What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?A . mark the incident as UnresolvedB . create a...
Which statement is true for Application Exploits and Kernel Exploits?
Which statement is true for Application Exploits and Kernel Exploits?A . The ultimate goal of any exploit is to reach the application.B . Kernel exploits are easier to prevent then application exploits.C . The ultimate goal of any exploit is to reach the kernel.D . Application exploits leverage kernel vulnerability.View...