What should a customer do that wants to keep a set of specific information for every event of a certain type?
add that information to the Evidence Board when investigating the incident
Question 2 of 25.
Question 3 of 25.
When is an existing Cortex XDR customer a bad prospect for Cortex XSOAR?
When they use the ATT&CK rubric to guide their security efforts.
Question 4 of 25.
Where can the entire history of group interactions involving an attack response be seen?
AutoFocus
WildFire
Question 5 of 25.
Which function displays an entire picture of an attack including its root cause or delivery point?
Question 6 of 25.
Question 7 of 25.
What’s a subplaybook?
an app that underlies a playbook to ensure it flows from task to task
It puts attack steps in context for security analysts, even when each step in itself may look innocent.
It is completely automatic and does not require security analysts for operation.
Question 9 of 25.
They are used to specify which exploit prevention method will be applied to a given process.
They define where and how users can run executable files.
Question 10 of 25.
Which two analysis methods does WildFire use to detect malware? (Choose two.)
executive restriction
dynamic
static
program slicing
Question 11 of 25.
Which Cortex product provides intelligence to inform alert and incident analysis?
Cortex XSOAR
AutoFocus
Cortex XDR
Zingbox
Question 12 of 25.
Which statement describes the malware protection flow in Cortex XDR Prevent?
Question 13 of 25.
Which are two ways that WildFire works with Cortex XDR Prevent? (Choose two.)
WildFire analyzes the root cause of attacks so that Cortex XDR can stop the attack before malware takes hold.
WildFire converts unknown attacks to known attacks so Cortex XDR can block the attacks in the future.
Question 14 of 25.
A zero-day vulnerability is a product security flaw of which the product's vendor has no prior awareness.
It learns about the processes used in a SOC to provide customized alerts to the right people in the SOC.
It learns about the processes used by a SOC to automate those processes.
It learns about all the attacks throughout the world so that it can recognize which attacks are present in an environment.
It learns about normal user and process behavior in an infrastructure so it can recognize anomalous behavior.
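The last answer above, together with the "entire picture of an attack including its root cause" function from Question 5 and the "puts attack steps in context" statement earlier, describes behavioural analytics over endpoint telemetry. As an added illustration (example code written here, not Cortex XDR's own logic), the block below builds a per-user baseline of which parent process normally launches which child process, flags process-creation events whose parent/child pair was never seen for that user, and walks the parent chain of a flagged process back to its root. The event tuples and the `<boot>` placeholder for a missing parent are constructed for the example.

```python
"""Toy behavioural baseline over endpoint process-creation events.

Added example, not Cortex XDR code. All events below are constructed.
Each event is (pid, ppid, user, image).
"""
from collections import Counter

# Constructed "normal" activity used to learn the baseline.
BASELINE_EVENTS = [
    (100, 1,   "alice", "explorer.exe"),
    (101, 100, "alice", "outlook.exe"),
    (102, 101, "alice", "winword.exe"),
    (103, 100, "alice", "chrome.exe"),
    (104, 1,   "bob",   "explorer.exe"),
    (105, 104, "bob",   "outlook.exe"),
    (106, 105, "bob",   "winword.exe"),
    (107, 104, "bob",   "powershell.exe"),  # bob runs PowerShell from his shell: normal for bob
]

# Constructed "today" activity: alice's usual chain, then a document spawning PowerShell.
NEW_EVENTS = [
    (200, 1,   "alice", "explorer.exe"),
    (201, 200, "alice", "outlook.exe"),
    (202, 201, "alice", "winword.exe"),
    (203, 202, "alice", "powershell.exe"),  # each step alone looks innocent ...
    (204, 203, "alice", "cmd.exe"),         # ... the parent chain is what makes it suspicious
]

NO_PARENT = "<boot>"  # placeholder for a ppid not present in the data set


def _parent_image(images, ppid):
    return images.get(ppid, NO_PARENT)


def build_baseline(events):
    """Count every (user, parent_image, child_image) triple seen in normal activity."""
    images = {pid: image for pid, _, _, image in events}
    counts = Counter()
    for pid, ppid, user, image in events:
        counts[(user, _parent_image(images, ppid), image)] += 1
    return counts


def find_anomalies(baseline, events):
    """Return events whose (user, parent, child) triple never occurred in the baseline."""
    images = {pid: image for pid, _, _, image in events}
    return [
        e for e in events
        if (e[2], _parent_image(images, e[1]), e[3]) not in baseline
    ]


def root_cause_chain(events, pid):
    """Follow ppid links from pid back to the first process in the data set.

    Returns image names from root to the given process, e.g. the delivery
    point (mail client -> document) followed by what the document spawned.
    """
    by_pid = {e[0]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid][3])
        pid = by_pid[pid][1]
    return list(reversed(chain))


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for event in find_anomalies(baseline, NEW_EVENTS):
        print("anomalous:", event, "chain:", " -> ".join(root_cause_chain(NEW_EVENTS, event[0])))
```

Note that the baseline is keyed by user: bob launching PowerShell from explorer.exe is in his baseline and would not be flagged, while the same parent/child pair under alice would be. A real product learns far richer features than parent/child image names, but the principle of comparing against learned normal behaviour rather than against a list of known-bad signatures is the same.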
Question 16 of 25.
Which sensor captures forensic information about a security event that occurs on an endpoint?
AutoFocus connector
Question 17 of 25.
Which function enables a customer to consistently use multiple competing products with similar functions?
Question 18 of 25.
Which two problems does a security operations team often encounter? (Choose two.)
Question 19 of 25.
What are two sources of log data for Cortex XDR? (Choose two.)
Next-generation firewalls
AutoFocus
Mobile devices
Agents on endpoints
Question 20 of 25.
What should a customer do to obtain a Cortex XSOAR dashboard that caters to their needs and processes?
quickly design and build the dashboard they need within minutes
hire consultants who can build in 30 to 60 days the dashboard they need
Question 21 of 25.
Unknown attack prevention approaches detect known attacks more quickly than do traditional known attack approaches.
What are two sources of alert enrichment for Cortex XSOAR? (Choose two.)
SIEMs
AutoFocus
Question 23 of 25.
What is an advantage of the multi-method detection approach used by Cortex XDR over traditional antivirus approaches?
Question 24 of 25.
In which two ways does Cortex XDR Prevent complement Palo Alto Networks perimeter protection? (Choose two.)
Information about threats is uploaded into Cortex XDR agents from perimeter NGFWs.
Cortex XDR agents send signatures about threats directly to Palo Alto Networks firewalls.
Endpoints sometimes are operated by their users outside the corporate network perimeter.
Cortex XDR can prevent malevolent process execution spawned by traffic the NGFW allows through.
Question 25 of 25.
Which Cortex XSOAR functionality is always part of accessing external sources for alert enrichment?
Playbooks
War Room
Incidents
Integrations