How does Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?
A. by encrypting the disk first.
B. by utilizing decoy Files.
C. by retrieving the encryption key.
D. by patching vulnerable applications.
Answer: B
Explanation: Cortex XDR agent for Windows prevents ransomware attacks from compromising...
When is the wss (WebSocket Secure) protocol used?
A. when the Cortex XDR agent downloads new security content
B. when the Cortex XDR agent uploads alert data
C. when the Cortex XDR agent connects to WildFire to upload files for analysis
D. when the Cortex XDR agent establishes a bidirectional...
Which type of BIOC rule is currently available in Cortex XDR?
A. Threat Actor
B. Discovery
C. Network
D. Dropper
Answer: B
Explanation: The type of BIOC rule that is currently available in Cortex XDR is Discovery. A Discovery BIOC rule is a rule that detects suspicious or malicious behavior...
When viewing the incident directly, what is the “assigned to” field value of a new Incident that was just reported to Cortex?
A. Pending
B. It is blank
C. Unassigned
D. New
Answer: C
Explanation: The “assigned to” field value of a new incident that was just reported to Cortex...
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by...
What steps can you take to ensure that the same protection is extended to all your servers?
Which engine, of the following, in Cortex XDR determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?
A. Sensor Engine
B. Causality Analysis Engine
C. Log Stitching Engine
D. Causality Chain Engine
Answer: B
Explanation: The engine that determines the...
What is the purpose of the Unit 42 team?
A. Unit 42 is responsible for automation and orchestration of products
B. Unit 42 is responsible for the configuration optimization of the Cortex XDR server
C. Unit 42 is responsible for threat research, malware analysis and threat hunting
D. Unit 42...
What license would be required for ingesting external logs from various vendors?
A. Cortex XDR Pro per Endpoint
B. Cortex XDR Vendor Agnostic Pro
C. Cortex XDR Pro per TB
D. Cortex XDR Cloud per Host
Answer: C
Explanation: To ingest external logs from various vendors, you need a Cortex...
Phishing belongs to which of the following MITRE ATT&CK tactics?
A. Initial Access, Persistence
B. Persistence, Command and Control
C. Reconnaissance, Persistence
D. Reconnaissance, Initial Access
Answer: D
Explanation: Phishing is a technique that belongs to two MITRE ATT&CK tactics: Reconnaissance and Initial Access. Reconnaissance is the process of gathering...
When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?
A. Click the three dots on the widget and then choose “Save” and this will link the query to the Widget Library.
B. This isn’t supported, you have to...