Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
AFind the Malware profile attached to the endpoint, Under Portable Executable and DLL Examination add the hash to the allow list.
BFrom the rules menu select new exception, fill out the criteria, choose the scope to apply it to, hit save.
CFind the exceptions profile attached to the endpoint, under process exceptions select local analysis, paste the hash and save.
DIn the Action Center, choose Allow list, select new action, select add to allow list, add your hash to the list, and apply it.
Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CKTM techniques.
AExfiltration, Command and Control, Collection
BExfiltration, Command and Control, Privilege Escalation
CExfiltration, Command and Control, Impact
DExfiltration, Command and Control, Lateral Movement
What is the outcome of creating and implementing an alert exclusion?
AThe Cortex XDR agent will allow the process that was blocked to run on the endpoint.
BThe Cortex XDR console will hide those alerts.
CThe Cortex XDR agent will not create an alert for this event in the future.
DThe Cortex XDR console will delete those alerts and block ingestion of them in the future.
What is by far the most common tactic used by ransomware to shut down a victim’s operation?
Apreventing the victim from being able to access APIs to cripple infrastructure
Bdenying traffic out of the victims network until payment is received
Crestricting access to administrative accounts to the victim
Dencrypting certain files to prevent access by the victim
Question 6
Incident Handling and Response
0
Question 7
Incident Handling and Response
Question 8
Incident Handling and Response
Question 9
Endpoint Security Management
Question 10
Incident Handling and Response
Question 11
Alerting and Detection Processes
Question 12
Endpoint Security Management
Question 13
Incident Handling and Response
Question 14
Endpoint Security Management
Question 15
Alerting and Detection Processes
Question 16
Endpoint Security Management
Question 17
Data Analysis
Question 18
Incident Handling and Response
Question 19
Endpoint Security Management
Question 20
Data Analysis
Question 21
Data Analysis
Question 22
Endpoint Security Management
Question 23
Data Analysis
Question 24
Endpoint Security Management
Question 25
Endpoint Security Management
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ad
Want a break from the ads?
Become a Supporter and enjoy a completely ad-free experience, plus unlock Learn Mode, Exam Mode, AstroTutor AI, and more.
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
Ask AstroTutor
0
When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)
AAssign incidents to an analyst in bulk.
BChange the status of multiple incidents.
CInvestigate several Incidents at once.
DDelete the selected Incidents.
A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate. Which statement is correct for the incident?
AIt is true positive.
BIt is false positive.
CIt is a false negative.
DIt is true negative.
While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?
Amark the incident as Unresolved
Bcreate a BIOC rule excluding this behavior
Ccreate an exception to prevent future false positives
Dmark the incident as Resolved – False Positive
A Linux endpoint with a Cortex XDR Pro per Endpoint license and Enhanced Endpoint Data enabled has reported malicious activity, resulting in the creation of a file that you wish to delete. Which action could you take to delete the file?
AManually remediate the problem on the endpoint in question.
BOpen X2go from the Cortex XDR console and delete the file via X2go.
CInitiate Remediate Suggestions to automatically delete the file.
DOpen an NFS connection from the Cortex XDR console and delete the file.
Which of the following paths will successfully activate Remediation Suggestions?
AAlerts Table > Right-click on a process node > Remediation Suggestions
DAlerts Table > Right-click on an alert > Remediation Suggestions
What should you do to automatically convert leads into alerts after investigating a lead?
ALead threats can't be prevented in the future because they already exist in the environment.
BBuild a search query using Query Builder or XQL using a list of IOCs.
CCreate IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
DCreate BIOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
Which version of python is used in live terminal?
APython 3 with specific XDR Python libraries developed by Palo Alto Networks
BPython 3 with standard Python libraries
CPython 2 and 3 with standard Python libraries
DPython 2 and 3 with specific XDR Python libraries developed by Palo Alto Networks
When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose two.)
AThe prevention archive from the alert.
BThe unique agent id.
CThe distribution id of the agent.
DThe agent technical support file.
EA list of all the current exceptions applied to the agent.
What is the maximum number of agents one Broker VM local agent applet can support?
A10,000
B15,000
C5,000
D20,000
Which type of IOC can you define in Cortex XDR?
ASource port
BDestination IP Address
CDestination IP Address:Destination
DSource IP Address
Which minimum Cortex XDR agent version is required for Kubernetes Cluster?
ACortex XDR 7.4
BCortex XDR 5.0
CCortex XDR 7.5
DCortex XDR 6.1
What is the difference between presets and datasets in XQL?
AA dataset is a Cortex data lake data source only; presets are built-in data source.
BA dataset is a database; presets is a field.
CA dataset is a built-in or third party source; presets group XDR data fields.
DA dataset is a third-party data source; presets are built-in data source.
When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?
ARemediation Automation
BMachine Remediation
CAutomatic Remediation
DRemediation Suggestions
Which Exploit Protection Module (EPM) can be used to prevent attacks based on OS function?
AMemory Limit Heap Spray Check
BDLL Security
CUASLR
DJIT Mitigation
What contains a logical schema in an XQL query?
AField
BBin
CDataset
DArrayexpand
Which of the following represents a common sequence of cyber attack tactics?
AActions on the objective >> Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Installation >> Command & Control
BInstallation >> Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Command & Control >> Actions on the objective
CReconnaissance >> Installation >> Weaponisation & Delivery >> Exploitation >> Command & Control >> Actions on the objective
DReconnaissance >> Weaponisation & Delivery >> Exploitation >> Installation >> Command & Control >> Actions on the objective
Which function describes the removal of a specific file from its location on a local or removable drive to a protected folder to prevent the file from being executed?
ASearch & destroy
BQuarantine
CIsolation
DFlag for removal
Which statement is correct based on the report output below?
AForensic inventory data collection is enabled.
B133 agents have full disk encryption.
C3,297 total incidents have been detected.
DHost Inventory Data Collection is enabled.
Which profiles can the user use to configure malware protection in the Cortex XDR console?
AMalware Protection profile
BMalware profile
CMalware Detection profile
DAnti-Malware profile
Which of the following Live Terminal options are available for Android systems?
