XSIAM AnalystPreview

A Cortex XSIAM analyst is reading a blog that references an unfamiliar critical zero-day vulnerability. This vulnerability has been weaponized, and there is evidence that it is being exploited by threat actors targeting a customer's industry.
Where can the analyst go within Cortex XSIAM to learn more about this vulnerability and any potential impacts on the customer environment?

Which pane in the User Risk View will identify the country from which a user regularly logs in, based on the past few weeks of data?

Which interval is the duration of time before an analytics detector can raise an alert?

Which attributes can be used as featured fields?

Which dataset should an analyst search when looking for Palo Alto Networks NGFW logs?

Which two actions will allow a security analyst to review updated commands from the core pack and interpret the results without altering the incident audit? (Choose two.)

How can a SOC analyst highlight alerts generated on C-level executive hosts?

An analyst conducting a threat hunt needs to collect multiple files from various endpoints. The analyst begins the file retrieval process by using the Action Center, but upon review of the retrieved files, notices that the list is incomplete and missing files, including kernel files.
What could be the reason for this issue?

What information is provided in the timeline view of Cortex XSIAM?

Which Cytool command will re-enable protection on an endpoint that has Cortex XDR agent protection paused?

For a critical incident, Cortex XSIAM suggests several playbooks which should have been executed automatically.
Why were the playbooks not executed?

Which two actions can an analyst take to reduce the number of false positive alerts generated by a custom BIOC? (Choose two.)

Which query will hunt for only incoming traffic from 99.99.99.99 when all log sources have been mapped to XDM?

In which two locations can mapping be configured for indicators? (Choose two.)

A SOC team member implements an incident starring configuration, but incidents created before this configuration were not starred.
What is the cause of this behavior?

An incident in Cortex XSIAM contains the following series of alerts:
10:24:17 AM - Informational Severity - XDR Analytics BIOC - Rare process execution in organization
10:24:18 AM - Low Severity - XDR BIOC - Suspicious AMSI DLL load location
10:24:20 AM - Medium Severity - XDR Agent - WildFire Malware
11:57:04 AM - High Severity - Correlation - Suspicious admin account creation
Which alert was responsible for the creation of the incident?

While investigating an alert, an analyst notices that a URL indicator has a related alert from a previous incident. The related alert has the same URL, but it resolved to a different IP address.
Which combination of two actions should the analyst take to resolve this issue? (Choose two.)

Which attribution evidence will have the lowest confidence level when evaluating assets to determine if they belong to an organization's attack surface?

Which two methods can be used to create and share queries into the Query Library? (Choose two.)

Which type of task can be used to create a decision tree in a playbook?

Why would an analyst schedule an XQL query?

Based on the image below, which two determinations can be made from the causality chain? (Choose two.)

An on-demand malware scan of a Windows workstation using the Cortex XDR agent is successful and detects three malicious files. An analyst attempts further investigation of the files by right-clicking on the scan result, selecting "Additional data," then "View related alerts," but no alerts are reported.
What is the reason for this outcome?