Question 1 of 25.

What should a customer do who wants to keep a set of specific information for every event of a certain type?

 chat about it in the War Room

 use Remote Device Control to obtain the information

 add custom fields to incidents representing events of that type

 add that information in the Evidence Board when investigating the incident

Question 2 of 25.

What is orchestration in the context of SOAR?

 The ability to control network and endpoint enforcement points

 The selection of the right SIEM for the right customer

 Formalization of organized workflows for people and machines

 Automation of mundane cybersecurity tasks

Question 3 of 25.

When is an existing Cortex XDR customer a bad prospect for Cortex XSOAR?

 When Cortex XDR is their “go to” XDR tool.

 When they already have and use AutoFocus.

 When they already have and use Cortex XSOAR.

 When they use the ATT&CK rubric to guide their security efforts.

Question 4 of 25.

Where can the entire history of group interactions involving an attack response be seen?

 AutoFocus

 WildFire

 The Cortex XDR Incident page

 The Cortex XSOAR War Room

Question 5 of 25.

Which function displays an entire picture of an attack including its root cause or delivery point?

 Cortex SOC Orchestrator

 Cortex XDR incident analysis

 Cortex Data Lake

 Cortex XSOAR Work Plan

Question 6 of 25.

Which attack prevention technique does Cortex XDR use?

 PowerShell Shortcut abuse protection

 Password oversimplicity protection

 Executive power corruption protection

 Memory corruption protection

Question 7 of 25.

What’s a subplaybook?

 an app that underlies a playbook to ensure it flows from task to task

 an updated playbook that substitutes for an older playbook

 an obsolete playbook of inferior quality

 a playbook used as a task in another playbook

Question 8 of 25.

What is an advantage of Cortex XDR Pro analysis?

 It puts attack steps in context for security analysts, even when each step in itself may look innocent.

 It provides prevention as well as detection and response.

 It is completely automatic and does not require security analysts for operation.

 It is quicker than that of any of its competitors.

Question 9 of 25.

Which statement is true regarding Cortex XDR Prevent Execution Restrictions?

 They are used to blacklist or whitelist files for future processing.

 They are included in regular content updates.

 They are used to specify which exploit prevention method will be applied to a given process.

 They define where and how users can run executable files.

Question 10 of 25.

Which two analysis methods does WildFire use to detect malware? (Choose two.)

 executive restriction

 dynamic

 static

 program slicing

Question 11 of 25.

Which Cortex product provides intelligence to inform alert and incident analysis?

 Cortex XSOAR

 AutoFocus

 Cortex XDR

 Zingbox

Question 12 of 25.

Which statement describes the malware protection flow in Cortex XDR Prevent?

 Local static analysis happens before a WildFire verdict check.

 A trusted signed file is exempt from local static analysis.

 A blacklist check is the final step of malware protection flow.

 Hash comparisons come after local static analysis.

Question 13 of 25.

Which are two ways that WildFire works with Cortex XDR Prevent? (Choose two.)

 WildFire provides known threat information to Cortex XDR agents.

 WildFire analyzes the root cause of attacks so that Cortex XDR can stop the attack before malware takes hold.

 WildFire converts unknown attacks to known attacks so Cortex XDR can block the attacks in the future.

 WildFire blocks known attacks before they reach endpoints.

Question 14 of 25.

Which statement is true about advanced cyberthreats?

 A zero-day vulnerability is a product security flaw of which the product's vendor has no prior awareness.

 Sufficiently frequent signature updates prevent zero-day attacks.

 Protection against zero-day attacks is impractical.

 Zero-day attacks are unstoppable.

Question 15 of 25.

How does Cortex XDR use machine learning?

 It learns about the processes used in a SOC to provide customized alerts to the right people in the SOC.

 It learns about the processes used by a SOC to automate those processes.

 It learns about all the attacks throughout the world so that it can recognize which attacks are present in an environment.

 It learns about normal user and process behavior in an infrastructure so it can recognize anomalous behavior.

Question 16 of 25.

Which sensor captures forensic information about a security event that occurs on an endpoint?

 Cortex XDR agent

 Cortex XSOAR indicator

 Zingbox dynamic inventory agent

 AutoFocus connector

Question 17 of 25.

Which function enables a customer to consistently use multiple competing products with similar functions?

 Cortex XDR integration

 Cortex Data Lake

 Cortex XDR analysis

 Cortex XSOAR automation

Question 18 of 25.

Which two problems does a security operations team often encounter? (Choose two.)

 too many security experts

 too much alert context data

 too many security products

 too many alerts

Question 19 of 25.

What are two sources of log data for Cortex XDR? (Choose two.)

 Next-generation firewalls

 AutoFocus

 Mobile devices

 Agents on endpoints

Question 20 of 25.

What should a customer do to obtain a Cortex XSOAR dashboard that caters to their needs and processes?

 choose among millions of dashboards provided OOTB

 change their processes to conform with the well-tested standard dashboard

 quickly design and build the dashboard they need within minutes

 hire consultants who can build in 30 to 60 days the dashboard they need

Question 21 of 25.

Which advantage is provided by unknown attack prevention?

 Unknown attack prevention approaches detect known attacks more quickly than do traditional known attack approaches.

 Unknown attack prevention enables quarantine of compromised systems.

 Production environments can be protected even before OS patches are applied.

 Unknown attack prevention facilitates incident root cause analysis.

Question 22 of 25.

What are two sources of alert enrichment for Cortex XSOAR? (Choose two.)

 Cortex Data Lake

 Cortex XSOAR dashboards

 SIEMs

 AutoFocus

Question 23 of 25.

What is an advantage of the multi-method detection approach used by Cortex XDR over traditional antivirus approaches?

 It is updated frequently.

 It is faster than hash comparison.

 It prevents unknown threats.

 It runs in the cloud.

Question 24 of 25.

In which two ways does Cortex XDR Prevent complement Palo Alto Networks perimeter protection? (Choose two.)

 Information about threats is uploaded into Cortex XDR agents from perimeter NGFWs.

 Cortex XDR agents send signatures about threats directly to Palo Alto Networks firewalls.

 Endpoints sometimes are operated by their users outside the corporate network perimeter.

 Cortex XDR can prevent malevolent process execution spawned by traffic the NGFW allows through.

Question 25 of 25.

Which Cortex XSOAR functionality is always part of accessing external sources for alert enrichment?

 Playbooks

 War Room

 Incidents

 Integrations
