SecOps ProPreview

A customer is investigating a security incident in which unusual network traffic is observed and a malicious process is identified on an endpoint.
Which Cortex XDR capability assists with correlating firewall network logs and endpoint data in this environment?

Which sensor is used by Cortex XSIAM to identify and collect DNS queries, HTTP header, and DHCP information?

What is enabled by Role Based Access Control (RBAC) in Cortex XDR?

Which two steps belong in the Cortex XSOAR incident lifecycle? (Choose two.)

Which scripting language would create a custom widget in Cortex XDR that shows the top five accounts with failed Windows logons in the past 24 hours?

Which response action in Cortex XSIAM would be unavailable to a SOC analyst investigating an incident involving a Linux server?

What is the role of content packs in Cortex XSOAR?

A file hash is evaluated a Cortex XSOAR by using two unique threat feeds:
VirusTotal feed (rating of B- usually reliable) and the file verdict is malicious
AlienVault feed (rating of B- usually reliable) and the file verdict is benign
What is the file verdict in XSOAR?

Which incident should a responder prioritize based on overall functional and informational impact to the company?

Which action should an administrator take to create automated response actions when a user account is compromised, allowing attacker to upload data to an external IP address and infect a machine on the company network with malware?

During a sophisticated cyber attack, a company experiences a stealthy, multivector intrusion that evades detection by traditional security tools.
The company requires a solution that will correlate and analyze the disparate attack indicators across its network, endpoints, and cloud environments to uncover the full scope of the breach and take immediate automated response actions.
Which solution should be recommended?

What is a difference between cold storage and hot storage in Cortex?

Where in Cortex XSOAR are analystsle to collaborate and converse with others for joint real-time investigations?

Which Cortex XDR component raises an alert when suspicious activity composed of multiple events is detected and deviates from established baseline behavior?

Which two types of content can be installed or upgraded through a Cortex XSIAM content pack? (Choose two.)

What is required to enable ingestion of on-premises firewall logs into Cortex XDR?

A new incident in Cortex XSIAM contains WildFire malware and Behavioral Threat Protection (BTP) alertsout an unsigned process attempting to dump the memory of Isass.exe.
Which initial verdict applies to this incident?

Where can an administrator begin to grant a new non-SSO user access to a Cortex XDR tenant?

Where can the actions taken to stitch alerts together in Cortex XSIAM be viewed?

What determines the indicator layout displayed and the scripts that will run on an indicator of compromise (IOC) in Cortex XSIAM?

Which action is performed as the final step of the NIST incident response plan?

What is the purpose of incident types in Cortex XSOAR?

Which activities are facilitated through the War Room in Cortex XSOAR?

What are the primary functions of the Causality Analysis Engine in Cortex XDR?