Which of the following represents the correct relation of alerts to incidents?

A. Only alerts with the same host are grouped together into one Incident in a given time frame.
B. Alerts that occur within a three hour time frame are grouped together into one Incident.
C. Alerts with same...

October 2, 2023

What are two purposes of "Respond to Malicious Causality Chains" in a Cortex XDR Windows Malware profile? (Choose two.)

A. Automatically close the connections involved in malicious traffic.
B. Automatically kill the processes involved in malicious activity.
C. Automatically terminate the threads involved in malicious activity.
D. Automatically block the IP...

October 2, 2023

LiveTerminal uses which type of protocol to communicate with the agent on the endpoint?

A. NetBIOS over TCP
B. WebSocket
C. UDP and a random port
D. TCP, over port 80

Answer: B

Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/communication-between-cortex-xdr-and-agents.html

October 2, 2023

Which of the following best defines the Windows Registry as used by the Cortex XDR agent?

A. a hierarchical database that stores settings for the operating system and for applications
B. a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known...

October 1, 2023

Which of the following policy exceptions applies to the following description? "An exception allowing specific PHP files"

A. Support exception
B. Local file threat examination exception
C. Behavioral threat protection rule exception
D. Process exception

Answer: B

September 29, 2023

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

A. mark the incident as Unresolved
B. create a...

September 27, 2023

Which statement is true for Application Exploits and Kernel Exploits?

A. The ultimate goal of any exploit is to reach the application.
B. Kernel exploits are easier to prevent than application exploits.
C. The ultimate goal of any exploit is to reach the kernel.
D. Application exploits leverage kernel vulnerability.

September 27, 2023

When creating a scheduled report, which is not an option?

A. Run weekly on a certain day and time.
B. Run quarterly on a certain day and time.
C. Run monthly on a certain day and time.
D. Run daily at a certain time (selectable hours and minutes).

Answer: B...

September 27, 2023

To create a BIOC rule with an XQL query, you must at a minimum filter on which field in order for it to be a valid BIOC rule?

A. causality_chain
B. endpoint_name
C. threat_event
D. event_type

Answer: D

Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

September 27, 2023

Phishing belongs to which of the following MITRE ATT&CK tactics?

A. Initial Access, Persistence
B. Persistence, Command and Control
C. Reconnaissance, Persistence
D. Reconnaissance, Initial Access

Answer: D

Reference: https://attack.mitre.org/techniques/T1566/

September 27, 2023