Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?
A. in the macOS Malware Protection Profile to indicate allowed signers
B. in the Linux Malware Protection Profile to indicate allowed Java libraries
C. SHA256 hashes cannot be used in Cortex XDR Malware Protection Profiles
D. in...

What is the purpose of targeting software vendors in a supply-chain attack?
A. to take advantage of a trusted software delivery method.
B. to steal users' login credentials.
C. to access source code.
D. to report zero-day vulnerabilities.
Answer: A
Explanation: A supply chain attack is a type of cyberattack...

Which type of IOC can you define in Cortex XDR?
A. destination port
B. e-mail address
C. full path
D. App-ID
Answer: C
Explanation: Cortex XDR allows you to define IOCs based on various criteria, such as file hashes, registry keys, IP addresses, domain names, and full paths. A full...

Where would you view the WildFire report in an incident?
A. next to relevant Key Artifacts in the incident details page
B. under Response --> Action Center
C. under the gear icon --> Agent Audit Logs
D. on the HUB page at apps.paloaltonetworks.com
Answer: A
Explanation: To view the WildFire...

An attacker tries to load dynamic libraries on macOS from an insecure location. Which Cortex XDR module can prevent this attack?
A. DDL Security
B. Hot Patch Protection
C. Kernel Integrity Monitor (KIM)
D. Dylib Hijacking
Answer: D
Explanation: The correct answer is D. Dylib Hijacking. Dylib Hijacking, also known...

When creating a BIOC rule, which XQL query can be used?
A. dataset = xdr_data | filter event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"
B. dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"
C. dataset = xdr_data | filter action_process_image_name ~= ".*?.(?:pdf|docx).exe"
...

What is the standard installation disk space recommended to install a Broker VM?
A. 1GB disk space
B. 2GB disk space
C. 512GB disk space
D. 256GB disk space
Answer: D
Explanation: The Broker VM for Cortex XDR is a virtual machine that serves as the central communication hub for...

When using the "File Search and Destroy" feature, which of the following search hash types is supported?
A. SHA256 hash of the file
B. AES256 hash of the file
C. MD5 hash of the file
D. SHA1 hash of the file
Answer: A
Explanation: The File Search and Destroy feature...

If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?
A. Broker VM Pathfinder
B. Local Agent Proxy
C. Local Agent Installer and Content Caching
D. Broker VM Syslog Collector
Answer: ...

In incident-related widgets, how would you filter the display to only show incidents that were "starred"?
A. Create a custom XQL widget
B. This is not currently supported
C. Create a custom report and filter on starred incidents
D. Click the star in the widget
Answer: D
Explanation: To filter...