What does the Cortex XSOAR "Saved by Dbot" widget calculate?
A. amount saved in Dollars according to actions carried out by all users in Cortex XSOAR across all incidents
B. amount saved in Dollars by using Cortex XSOAR instead of other products
C. amount of time saved by each playbook task within an incident
D. amount of time saved by Dbot's machine learning (ML) capabilities
Which integration allows searching and displaying Splunk results within Cortex XSOAR?
A. SplunkPY integration
B. Demisto App for Splunk integration
C. XSOAR REST API integration
D. Splunk integration
Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)
A. registry
B. file path
C. hash
D. hostname
Which two Cortex XSOAR incident type features can be customized under Settings > Advanced > Incident Types? (Choose two.)
A. adding new fields to an incident type
B. setting reminders for an incident service level agreement (SLA)
C. defining whether a playbook runs automatically when an incident type is encountered
D. dropping new incidents of the same type that contain similar information
Which two statements apply to widgets? (Choose two.)
A. All widgets are customizable.
B. Dashboards cannot be shared across an organization.
C. A widget can have its own time range that is different from the rest of the dashboard.
D. Some widgets cannot be changed.
Which statement applies to a Cortex XSOAR engine that is part of a load-balancing group?
A. It must be in a load-balancing group with at least three additional members.
B. It must have port 443 open to allow the XSOAR server to establish a connection.
C. It does not appear in the engine drop-down menu when configuring an integration instance.
D. It can be used separately as an engine only if directly connected to the XSOAR server.
Which statement applies to the malware protection flow in Cortex XDR Prevent?
A. Local static analysis happens before a WildFire verdict check.
B. In the final step, the block list is verified.
C. A trusted signed file is exempt from local static analysis.
D. Hash comparisons come after local static analysis.
What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?
A. 10 GB
B. 1 TB
C. 10 TB
D. 100 GB
How can Cortex XSOAR save time when a phishing incident occurs?
A. It can automatically email staff to warn them about the phishing attack and show them a copy of the email.
B. It can automatically respond to the phishing email to unsubscribe from future emails.
C. It can automatically purge the email from user mailboxes in which it has not yet been opened.
D. It can automatically identify every mailbox that received the phish and create corresponding cases for them.
What is a benefit offered by Cortex XSOAR?
A. It has the ability to customize the extensible platform to scale to business needs.
B. It allows the consolidation of multiple point products into a single integrated service.
C. It provides holistic protection across hosts and containers throughout the application lifecycle.
D. It enables an end-to-end view of everything in the customer environment that affects digital employee productivity.
Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)
A. WildFire hash comparison
B. heuristic analysis
C. signature comparison
D. dynamic analysis
A customer agrees to do a 30-day proof of concept (POC) and wants to integrate with a product with which Cortex XSOAR is not currently integrated.
What is the appropriate response to this customer?
A. Agree to build the integration as part of the POC.
B. Explain that custom integrations are not included in the POC.
C. Extend the POC window to allow the solution architects to build it.
D. Explain that it can be built by Professional Services, but it will take an additional 30 days.
A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.
What would be the appropriate next step in the playbook?
A. Email the CISO to advise that malicious email was found.
B. Disable the user's email account.
C. Email the user to confirm the reported email was phishing.
D. Change the user's password.
Which step is required to prepare the virtual desktop infrastructure (VDI) golden image?
A. Run the VDI conversion tool.
B. Ensure the latest content updates are installed.
C. Review any portable executable (PE) files WildFire determined to be malicious.
D. Set the memory dumps to manual setting.
Which two areas of Cortex XDR are used for threat hunting activities? (Choose two.)
A. indicators of compromise (IOC) rules
B. query builder
C. live terminal
D. host insights module
A customer has purchased Cortex Data Lake storage with the following configuration, which requires 2 TB of Cortex Data Lake to order: support for 300 total Cortex XDR clients all forwarding Cortex XDR data with 30-day retention; storage for higher fidelity logs to support Cortex XDR advanced analytics.
The customer now needs 1000 total Cortex XDR clients, but continues with 300 clients forwarding Cortex XDR data with 30-day retention.
What is the new total storage requirement for Cortex Data Lake storage to order?
A. 16 TB
B. 4 TB
C. 8 TB
D. 2 TB
Which action allows Cortex XSOAR to access Docker in an air-gapped environment where the Docker page was manually installed after the Cortex XSOAR installation?
A. Create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group.
B. Create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group.
C. Enable the Docker service.
D. Disable the Cortex XSOAR service.
A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site.
What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?
A. The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site.
B. All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy.
C. Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site.
D. The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site.
On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?
A. /var/log/demisto/acc_Tenant1/server.log
B. /var/log/demisto/Tenant1/server.log
C. /var/lib/demisto/acc_Tenant1/server.log
D. /var/lib/demisto/server.log
What are two capabilities of a War Room? (Choose two.)
A. create widgets for an investigation
B. create playbooks for orchestration
C. act as an audit trail for an investigation
D. run ad-hoc automation commands
Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)
A. playbook functions
B. sub-playbooks
C. GenericPolling playbooks
D. playbook tasks
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
A. causality group owner
B. chain's alert initiator
C. adversary's remote process
D. relevant shell
Which source provides data for Cortex XDR?
A. VMware NSX
B. Amazon Alexa rank indicator
C. Cisco ACI
D. Linux endpoints
Which two manual actions are allowed on War Room entries? (Choose two.)
A. mark as note
B. mark as scheduled entry
C. mark as evidence
D. mark as artifact
How do sub-playbooks affect the Incident Context Data?
A. When set to private, task outputs do not automatically get written to the root context.
B. When set to global, sub-playbook tasks do not have access to the root context.
C. When set to global, parallel task execution is allowed.
D. When set to private, task outputs are automatically written to the root context.