Title of test: pieseycowrtek
Description: Test for learning
Author: Iron Maiden
Creation Date: 10/02/2025
Category: Others
Number of questions: 62
Content:
1. A Cortex XDR customer wants to ingest emails from a single mailbox. The mailbox brings in reported phishing emails and email requests from human resources (HR) to onboard new users. The customer wants to run two separate workflows from this mailbox: one for phishing and one for onboarding. What will allow Cortex XDR to accomplish this in the most efficient way?
   - Create a playbook to process and determine incident type based on the content of the email
   - Create two instances of the email integration and classify one instance as ingesting incidents of type phishing and the other as ingesting incidents of type onboarding
   - Use an incident classifier based on a field in each type of email to classify those containing "Phish Alert" in the subject as phishing and those containing "Onboard Request" as onboarding
   - Use machine learning (ML) to determine incident type

2. Which statement applies to the differentiation of Cortex XDR from security information and event management (SIEM)?
   - SIEM has been entirely designed and built as cloud-native, with the ability to stitch together cloud logs, on-premises logs, third-party logs, and endpoint logs
   - SIEM has access to raw logs from the agent, where Cortex XDR traditionally only gets alerts
   - Cortex XDR allows just logging into the console, and out of the box the events are blocked as a proactive approach
   - Cortex XDR requires a large and diverse team of analysts and up to several weeks for simple tasks like creating an alert

3. Which attack method is a result of techniques designed to gain access through vulnerabilities in the code of an operating system (OS) or application?
   - Malware
   - Exploit
   - Ransomware
   - Phishing

4. Why is reputation scoring important in the Threat Intelligence Module of Cortex XSOAR?
   - It allows for easy comparison between open-source intelligence and paid services
   - It provides a mathematical model for combining scores from multiple vendors
   - It deconflicts prioritization when two vendors give different scores for the same indicator
   - It helps identify threat intelligence vendors with substandard content

5. Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?
   - RPM
   - SH
   - DEB
   - ZIP

6. Which task setting allows context output to a specific key?
   - Task Output
   - Tags
   - Extend Context
   - Stop and Errors

7. Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command and control (C2) traffic. What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?
   - Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate the priority of future alerts
   - Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall
   - Have XSOAR automatically add the IP address to a deny rule in the firewall
   - Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP

8. Which statement applies to a Cortex XSOAR engine that is part of a load-balancing group?
   - It must be in a load-balancing group with at least three additional members
   - It can be used separately as an engine only if directly connected to the XSOAR server
   - It must have port 443 open to allow the XSOAR server to establish a connection
   - It does not appear in the engine drop-down menu when configuring an integration instance

9. Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
   - Chain's alert initiator
   - Relevant shell
   - Adversary's remote process
   - Causality group owner

10. Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two)
   - Signature comparison
   - Heuristic analysis
   - WildFire hash comparison
   - Dynamic analysis

11. When initiated, which Cortex XDR capability allows immediate termination of the process or whole process tree on an anomalous process discovered during investigation of a security event?
   - Live terminal
   - Log stitching
   - File explorer
   - Live sensors

12. A Cortex XSOAR customer wants to send a survey to users asking them to input their manager's email for a training use case so the manager can receive status reports on the employee's training. However, the customer is concerned users will provide incorrect information to avoid sending status updates to their manager. How can Cortex XSOAR most efficiently sanitize user input prior to using the response in the playbook?
   - Create a sub-playbook and import a list of manager emails into XSOAR. Use a condition task comparison to check if the response matches an email on the list. If no matches are found, loop the sub-playbook and send the survey back to the user until a match is found.
   - Create a manual task to ask the analyst to validate the survey response in the platform
   - Create a task that sends the survey responses to the analyst via email. If the responses are incorrect, the analyst fills out the correct response in the survey.
   - Create a conditional task comparison to check if the response contains a valid email address

13. A Cortex XDR Pro administrator is alerted to a suspicious process creation security event from multiple users who believe these events are false positives. Which two steps should be taken to confirm the false positives and create an exception? (Choose two)
   - In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
   - Contact support and ask for a security exception
   - Within the Malware Security profile, disable the Prevent Malicious Child Process Execution module
   - Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist

14. Which method is used for third-party network data consumption?
   - Open Database Connectivity (ODBC) connection to the network device database
   - File reader to the /var/log/message file on the device
   - Common Event Format (CEF) via the broker Syslog module
   - Script library from the action center

15. A customer agrees to do a 30-day proof of concept (POC) and wants to integrate with a product with which Cortex XSOAR is not currently integrated. What is the appropriate response to this customer?
   - Agree to build the integration as part of the POC
   - Extend the POC window to allow the solution architect to build it
   - Explain that customer integrations are not included in the POC
   - Explain that it can be built by Professional Services, but it will take an additional 30 days

16. Which two areas of Cortex XDR are used for threat hunting activities? (Choose two)
   - Query builder
   - Live terminal
   - Host Insights module
   - Indicator of compromise (IOC) rules

17. Which two entities can be created as a behavioral indicator of compromise (BIOC)? (Choose two)
   - Data
   - Network
   - Event alert
   - Process

18. What is a benefit offered by Cortex XSOAR?
   - It allows the consolidation of multiple point products into a single integrated service
   - It enables an end-to-end view of everything in the customer environment that affects digital employee productivity
   - It has the ability to customize the extensible platform to scale to business needs
   - It provides holistic protection across hosts and containers throughout the application lifecycle

19. Which Cortex XDR license is required for a customer that requests endpoint detection and response (EDR) data collection capabilities?
   - Cortex XDR Pro per Endpoint
   - Cortex XDR Prevent
   - Cortex XDR Pro per TB
   - Cortex XDR Endpoint

20. What are two capabilities of a War Room? (Choose two)
   - Create a widget for an investigation
   - Create playbooks for orchestration
   - Act as an audit trail for an investigation
   - Run ad-hoc automation commands

21. Which two filter operations are available in Cortex XDR? (Choose two)
   - Contains
   - < >
   - =
   - Is Contained By

22. Which action allows Cortex XSOAR to access Docker in an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation?
   - Disable the Cortex XSOAR service
   - Create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group
   - Enable the Docker service
   - Create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group

23. Cortex XDR external data ingestion processes ingest data from which sources?
   - Windows event logs, syslogs, and custom external sources
   - syslogs only
   - Windows event logs only
   - Windows event logs and syslogs only

24. On a multi-tenanted 6.2 Cortex XSOAR server, which path leads to the server log for "Tenant 1"?
   - /var/log/demisto/acc_Tenant1/server.log
   - /var/log/demisto/Tenant1/server.log
   - /var/lib/demisto/acc_Tenant1/server.log
   - /var/lib/demisto/server.log

25. Which step is required to prepare the virtual desktop infrastructure (VDI) golden image?
   - Run the VDI conversion tool
   - Review any portable executable (PE) file WildFire determined to be malicious
   - Ensure the latest content updates are installed
   - Set the memory dumps to the manual setting

26. Which playbook feature allows concurrent execution of tasks?
   - Automation tasks
   - Parallel tasks
   - Conditional tasks
   - Manual tasks

27. Which two types of indicators of compromise (IOC) are available in Cortex XDR? (Choose two)
   - Domain
   - Registry entry
   - Endpoint hostname
   - Internet protocol (IP)

28. Which two statements apply to widgets? (Choose two)
   - A widget can have its own time range that is different from the rest of the dashboard
   - Some widgets cannot be changed
   - Dashboards cannot be shared across an organization
   - All widgets are customizable

29. Which two actions are required to add indicators to the whitelist? (Choose two)
   - Select the indicators and click "Delete and Whitelist" in the Indicators page
   - Click "New Whitelisted Indicator" in the Whitelist page
   - Upload an external file named "whitelist" to the Indicators page
   - Upload an external file named "whitelist" to the Whitelist page

30. Which service helps uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources?
   - Threat Intelligence Platform (TIP)
   - Managed Threat Hunting (MTH)
   - Virtual desktop infrastructure (VDI)
   - Cloud Identity Engine (CIE)

31. Which type of log is ingested natively in Cortex XDR Pro per TB?
   - Google Kubernetes Engine
   - Demisto
   - Microsoft Office 365
   - Docker

32. Where is the output of the task visible when a playbook task errors out?
   - /var/log/messages
   - XSOAR audit log
   - War Room of the incident
   - Playbook editor

33. What is a benefit of user entity behavior analytics (UEBA) over security information and event management (SIEM)?
   - UEBA establishes a secure connection in which endpoints can be routed, and it collects and forwards logs and files for analysis
   - SIEMs have difficulty detecting unknown or advanced security threats that do not involve malware, such as credential theft
   - UEBA can add trusted signers of Windows or Mac processes to a whitelist in the Endpoint Security Manager (ESM) Console
   - SIEMs support only agentless scanning, not agent-based workload protection across VMs, containers/Kubernetes

34. Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?
   - Security Information and Event Management (SIEM)
   - Endpoint protection platform (EPP)
   - Network Detection and Response (NDR)
   - Endpoint detection and response (EDR)

35. Which two manual actions are allowed on War Room entries? (Choose two)
   - mark as artifact
   - mark as evidence
   - mark as scheduled entry
   - mark as note

36. Which two Cortex XSOAR incident type features can be customized under Settings > Advanced > Incident Types? (Choose two)
   - defining whether a playbook runs automatically when an incident type is encountered
   - setting reminders for an incident service level agreement (SLA)
   - adding new fields to an incident type
   - dropping new incidents of the same type that contain similar information

37. What are two reasons incident investigation is needed in Cortex XDR? (Choose two)
   - Analysts need to acquire forensic artifacts of malware that has been blocked by the XDR agent
   - Insider threats may not be blocked and initial activity may go undetected
   - No solution will stop every attack, requiring further investigation of activity
   - Detailed reports are needed for senior management to justify the cost of XDR

38. An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network. Which Cortex XDR Analytics alert will this activity most likely trigger?
   - malware
   - DNS Tunneling
   - new administrative behavior
   - uncommon local scheduled task creation

39. A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies at a second site. What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?
   - A dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate the connection to the Cortex XSOAR engine at the second site
   - The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site
   - All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy
   - The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site

40. Which command is used to add Cortex XSOAR "User1" to an investigation from the War Room command-line interface? (Choose two)
   - /invite User1
   - !invite User1
   - @User1
   - #User1

41. Which two types of indicators of compromise (IOC) are available for creation in Cortex XDR? (Choose two)
   - Hostname
   - Hash
   - Registry
   - File path

42. Which two items are stitched to the Cortex XDR causality chain? (Choose two)
   - Security information and event management (SIEM) alert
   - Full uniform resource locator (URL)
   - Firewall alert
   - Registry set value

43. Which integration allows data to be pushed from Cortex XSOAR into Splunk?
   - SplunkPY integration
   - Demisto App for Splunk integration
   - SplunkUpdates integration
   - ArcSight ESM integration

44. Which playbook functionality allows grouping of tasks to create functional building blocks?
   - Playbook features
   - Sub-playbooks
   - Manual tasks
   - Conditional tasks

45. Which element displays an entire picture of an attack, including the root cause or delivery point?
   - Cortex XDR Causality View
   - Cortex XSOAR Work Plan
   - Cortex Data Lake
   - Cortex SOC Orchestrator

46. What does the Cortex XSOAR "Saved by DBot" widget calculate?
   - amount saved in dollars by using Cortex XSOAR instead of other products
   - amount of time saved by DBot's machine learning (ML) capabilities
   - amount saved in dollars according to actions carried out by all users in Cortex XSOAR across all incidents
   - amount of time saved by each playbook task within an incident

47. Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two)
   - playbook functions
   - sub-playbooks
   - GenericPolling playbooks
   - playbook tasks

48. Which Cortex XDR agent capability prevents loading malicious files from USB-connected removable equipment?
   - agent configuration
   - agent management
   - device control
   - device customization

49. Which command-line interface (CLI) query would retrieve the last three Splunk events?
   - !search using=splunk_instance_1 query="* | last 3"
   - !search using=splunk_instance_1 query="* | head 3"
   - !query using=splunk_instance_1 query="* | last 3"
   - !search using=splunk_instance_1 query="* | 3"

50. What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?
   - 10 GB
   - 10 TB
   - 1 TB
   - 100 GB

51. Which integration allows searching and displaying Splunk results within Cortex XSOAR?
   - Demisto App for Splunk integration
   - Splunk integration
   - XSOAR REST API integration
   - SplunkPY integration

52. Which statement applies to the malware protection flow in Cortex XDR Prevent?
   - Local static analysis happens before a WildFire verdict check
   - A trusted signed file is exempt from local static analysis
   - Hash comparisons come after local static analysis
   - In the final step, the block list is verified

53. Where can all the relevant incidents for an indicator be viewed?
   - Related Incidents column in the indicator screen
   - Linked Indicators column in the incident screen
   - Related Indicators column in the incident screen
   - Linked Incidents column in the indicator screen

54. Which source provides data for Cortex XDR?
   - VMware NSX
   - Amazon rank indicator
   - Linux endpoints
   - Cisco ACI

55. What is used to display only file entries in a War Room?
   - !Files from the War Room CLI
   - Incident files section in the layout builder
   - /files from the War Room CLI
   - Files and attachments filters

56. What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?
   - cloud identity engine (CIE)
   - role-based access control (RBAC)
   - restrictions security profile
   - endpoint groups

57. How do sub-playbooks affect the Incident Context Data?
   - When set to private, task outputs are automatically written to the root context.
   - When set to global, parallel task execution is allowed.
   - When set to global, sub-playbook tasks do not have access to the root context.
   - When set to private, task outputs do not automatically get written to the root context.

58. A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented, one of whose steps blocks a malicious URL found in an email reported by one of the users. What would be the appropriate next step in the playbook?
   - Change the user's password
   - Email the CISO to advise that a malicious email was found
   - Email the user to confirm the reported email was phishing
   - Disable the user's email account

59. How can Cortex XSOAR save time when a phishing incident occurs?
   - It can automatically respond to the phishing email to unsubscribe from future emails
   - It can automatically purge the email from user mailboxes in which it has not yet been opened
   - It can automatically email staff to warn them about the phishing attack and show them a copy of the email
   - It can automatically identify every mailbox that received the phish and create corresponding cases for them

60. What does DBot use to score an indicator that has multiple reputation scores?
   - Most severe score
   - Least severe score
   - Undefined score
   - Average score

61. Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?
   - sudo docker load -i YOUR_DOCKER_FILE.tar
   - sudo repoquery -a --installed
   - sudo docker ps load
   - sudo demistoserver-x.x-xxxxx.sh -- -tools=load

62. A customer has purchased Cortex Data Lake storage with the following configuration, which requires 2 TB of Cortex Data Lake to order:
   - Support for 300 total Cortex XDR clients, all forwarding Cortex XDR data with 30-day retention
   - Storage for higher fidelity logs to support Cortex XDR advanced analytics
   The customer now needs 1000 total Cortex XDR clients, but continues with 300 clients forwarding Cortex XDR data with day retention. What is the new total storage requirement for Cortex Data Lake storage to order?
   - 16 TB
   - 8 TB
   - 4 TB
   - 2 TB