Which two actions should be implemented by a SOC manager to improve the efficiency of the team’s incident response process? (Choose two.)
A company’s SOC team and network security team operate independently but have a directive from the CISO to work more closely together due to issues resulting from a lack of cross-team collaboration. This often delays incident response, as analysts on both teams find themselves unknowingly working on the same alerts.
Which solution will improve security metrics and outcomes while aligning to the directive from the CISO?
In which two use cases is the use of SIEM more appropriate than the use of SOAR to investigate a user who logs in with a malicious IP address? (Choose two.)
Which concept proactively enhances internal processes for incident response and management against known threats?
Which action should be taken to investigate multiple log sources when researching a known threat by using threat intelligence?
How can a company use Cortex XSIAM to automate security operations and enhance threat detection?
Which step is required to create a user role?
A security engineer needs to transfer dashboard configurations between the company’s Cortex Cloud environments for Asia, Europe, and North America divisions to streamline onboarding.
Which condition would prevent this action?
When is it advantageous to deploy a Cortex XDR agent with advanced endpoint protection for a Windows host to detect a malicious occurrence?
How can an administrator use Endpoint Administrative Cleanup to ensure that all duplicates have been removed from the All Endpoints table in Cortex Cloud and that the table includes the most accurate list of endpoints?
A threat intelligence team determines that IP addresses associated with brute force attacks on the VPN gateways are historically linked to a ransomware campaign.
Which two features can be defined in Cortex to trigger alerts on the malicious objects and on specified system processes linked to the tactics, techniques, and procedures (TTPs) of the threat actors? (Choose two.)
Which operational status will identify all endpoints with agents that are not functioning properly due to insufficient resources?
Which Cortex Cloud capability will increase efficiency when prioritizing and categorizing issues?
Which Cortex Cloud report is most appropriate for a cybersecurity director to receive critical and high compliance risks for AWS?
Which feature of Cloud Security Posture Management (CSPM) helps detect and prioritize critical risks in cloud environments?
A developer writes a serverless application to extract a field from a file in an S3 bucket. The Lambda function is assigned the S3FullAccess managed policy.
Refer to the scenario to answer this question:
Which two actions will allow a Cortex Cloud user to view the effective permissions of the Lambda function? (Choose two.)
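The scenario above turns on what "effective permissions" means for an identity that carries an AWS-managed policy. The following Python is an added example, not material from the exam page or from Cortex Cloud: it models the core of the IAM evaluation logic (an explicit Deny overrides any Allow, any matching Allow grants, and anything unmatched is implicitly denied) and uses it to compare the AmazonS3FullAccess managed policy (the question's "S3FullAccess") with a least-privilege inline policy for the same function. The bucket name, object prefix and the least-privilege policy document are constructed for illustration; only the full-access statement mirrors the shape of the real managed policy (`s3:*` and `s3-object-lambda:*` on `*`).

```python
"""Added example (not from the exam page): minimal IAM effective-permission
evaluator, used to show why S3FullAccess on a Lambda is over-privileged.
Policy documents, ARNs and bucket names below are constructed samples."""
import fnmatch

# Shape of the AWS-managed AmazonS3FullAccess policy (constructed copy for the example).
S3_FULL_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}
    ],
}

# Constructed least-privilege replacement: read objects under one prefix of one bucket.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-reports-bucket/statements/*",
        },
        # An explicit Deny illustrates that Deny beats any matching Allow.
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}

# Constructed list of actions to ask about when computing the effective set.
SAMPLE_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:DeleteBucket", "s3:ListBucket"]


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # Action names are case-insensitive in IAM; '*' and '?' are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # Resource ARNs are matched case-sensitively with the same wildcards.
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def is_allowed(policy, action, resource):
    """Evaluate one action/resource pair: explicit Deny > Allow > implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if not (_action_matches(stmt["Action"], action) and _resource_matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return False  # a matching Deny ends evaluation regardless of other Allows
        allowed = True
    return allowed


def effective_permissions(policy, actions, resource):
    """Return the sorted subset of `actions` the policy effectively grants on `resource`."""
    return sorted(a for a in actions if is_allowed(policy, a, resource))


def excess_permissions(broad_policy, narrow_policy, actions, resource):
    """Actions the broad policy grants on `resource` that the narrow one does not."""
    broad = set(effective_permissions(broad_policy, actions, resource))
    narrow = set(effective_permissions(narrow_policy, actions, resource))
    return sorted(broad - narrow)


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-reports-bucket/statements/2024-q1.pdf"
    print("full access :", effective_permissions(S3_FULL_ACCESS, SAMPLE_ACTIONS, obj))
    print("least priv  :", effective_permissions(LEAST_PRIVILEGE, SAMPLE_ACTIONS, obj))
    print("excess      :", excess_permissions(S3_FULL_ACCESS, LEAST_PRIVILEGE, SAMPLE_ACTIONS, obj))
```

The evaluator deliberately ignores resource-based policies, permission boundaries, SCPs and conditions; a real effective-permission view, which is what the question is asking a Cortex Cloud user to obtain, has to combine all of those, which is exactly why reading the attached policy document alone is not enough.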
A company has a costly ransomware incident on its Azure infrastructure after an employee was phished while using an unpatched personal computer to download company bank statements.
Which two Cloud Security Management modules are most capable of mitigating such incidents and helping the company improve its security posture? (Choose two.)
What allows Cortex Cloud to provide vulnerability visibility by default upon onboarding cloud service provider (CSP) accounts?
A company operationalizing Cortex Cloud Data Security Posture Management (DSPM) experiences issues related to a lack of secure controls on its Amazon S3 buckets. An administrator wants to use the XQL editor to investigate S3 buckets but is unable to see any data in the Cortex Cloud console.
How can the administrator ensure that data is being ingested?
A customer with a large cloud environment needs to perform a vulnerability assessment. In this case, the customer does not have the authorization to install agents but is an owner of the cloud environments.
Which capability meets the customer’s requirements?
What is required before creating a new assessment profile for compliance reporting?
What are two key benefits of implementing Cloud Security Posture Management (CSPM) in a multi-cloud environment? (Choose two.)
A cloud engineer using Cortex Cloud needs to choose between posture management modules to look into Identity and Access Management (IAM) groups and policies.
What are two use cases for the Identity Security Posture Management (ISPM) module to be used in this scenario? (Choose two.)
A company receives a critical vulnerability finding with a CVSS score of 10 on a workload, which has been virtually patched with a WAF. The security team must appropriately track the issue based on the risk to the company environment and align to its risk management approach.
Which step can the security team take in Cortex Cloud?