Which of the following represents the correct relation of alerts to incidents?
A. Only alerts with the same host are grouped together into one Incident in a given time frame.
B. Alerts that occur within a three hour time frame are grouped together into one Incident.
C. Alerts with same...
What are two purposes of "Respond to Malicious Causality Chains" in a Cortex XDR Windows Malware profile? (Choose two.)
A. Automatically close the connections involved in malicious traffic.
B. Automatically kill the processes involved in malicious activity.
C. Automatically terminate the threads involved in malicious activity.
D. Automatically block the IP...
LiveTerminal uses which type of protocol to communicate with the agent on the endpoint?
A. NetBIOS over TCP
B. WebSocket
C. UDP and a random port
D. TCP, over port 80
Answer: B
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/communication-between-cortex-xdr-and-agents.html
Which of the following best defines the Windows Registry as used by the Cortex XDR agent?
A. a hierarchical database that stores settings for the operating system and for applications
B. a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known...
Which of the following policy exceptions applies to the following description? "An exception allowing specific PHP files"
A. Support exception
B. Local file threat examination exception
C. Behavioral threat protection rule exception
D. Process exception
Answer: B
While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?
A. mark the incident as Unresolved
B. create a...
Which statement is true for Application Exploits and Kernel Exploits?
A. The ultimate goal of any exploit is to reach the application.
B. Kernel exploits are easier to prevent than application exploits.
C. The ultimate goal of any exploit is to reach the kernel.
D. Application exploits leverage kernel vulnerability.
When creating a scheduled report, which is not an option?
A. Run weekly on a certain day and time.
B. Run quarterly on a certain day and time.
C. Run monthly on a certain day and time.
D. Run daily at a certain time (selectable hours and minutes).
Answer: B...
To create a BIOC rule with an XQL query, you must at a minimum filter on which field in order for it to be a valid BIOC rule?
A. causality_chain
B. endpoint_name
C. threat_event
D. event_type
Answer: D
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html
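As an added illustration (not part of the original question set, and not taken from the Palo Alto Networks documentation), the shape of a minimal XQL query that meets the event_type requirement above and can be saved as a BIOC rule. The query runs against the xdr_data dataset and keeps to a single filter stage; the process name and command-line fragment are assumed example values chosen for illustration, not indicators from the page.

```xql
// Added example, not from the original page. A BIOC rule built from XQL must
// filter on event_type; the values for image name and command line below are
// assumed illustrations, not real indicators.
dataset = xdr_data
| filter event_type = ENUM.PROCESS
    and event_sub_type = ENUM.PROCESS_START
    and action_process_image_name = "certutil.exe"
    and action_process_image_command_line contains "-urlcache"
```

The event_type filter is what tells the BIOC engine which class of endpoint events (process, file, registry, network, and so on) the rule should evaluate; without it the query may still run as an ad hoc search, but the console will not accept it as a BIOC rule. Test the query in the Query Builder first so the match count and the example values can be tuned before the rule is enabled.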
Phishing belongs to which of the following MITRE ATT&CK tactics?
A. Initial Access, Persistence
B. Persistence, Command and Control
C. Reconnaissance, Persistence
D. Reconnaissance, Initial Access
Answer: D
Reference: https://attack.mitre.org/techniques/T1566/