Which of the following represents the correct relation of alerts to incidents?

Which of the following represents the correct relation of alerts to incidents?A . Only alerts with the same host are grouped together into one Incident in a given time frame.B . Alerts that occur within a three hour time frame are grouped together into one Incident.C . Alerts with same...

March 30, 2022 No Comments READ MORE +

Which of the following policy exceptions applies to the following description?

Which of the following policy exceptions applies to the following description? ‘An exception allowing specific PHP files’A . Support exceptionB . Local file threat examination exceptionC . Behavioral threat protection rule exceptionD . Process exceptionView AnswerAnswer: B

March 30, 2022 No Comments READ MORE +

What kind of the threat typically encrypts userfiles?

What kind of the threat typically encrypts userfiles?A . ransomwareB . SQL injection attacksC . Zero-day exploitsD . supply-chain attacksView AnswerAnswer: A Explanation: Reference: https://www.proofpoint.com/us/threat-reference/ransomware#:~:text=Ransomware%20is%20a%20type%20of,ransom%20fee%20to%20the%20attacker

March 29, 2022 No Comments READ MORE +

Phishing belongs which of the following MITRE ATT&CK tactics?

Phishing belongs which of the following MITRE ATT&CK tactics?A . Initial Access, PersistenceB . Persistence, Command and ControlC . Reconnaissance, PersistenceD . Reconnaissance, Initial AccessView AnswerAnswer: D Reference: https://attack.mitre.org/techniques/T1566/

March 28, 2022 No Comments READ MORE +

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)A . Assign incidents to an analyst in bulk.B . Change the status of multiple incidents.C . Investigate several Incidents at once.D . Delete the selected Incidents.View AnswerAnswer: A,B...

March 28, 2022 No Comments READ MORE +

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?A . Click the three dots on the widget andthen choose “Save” and this will link the query to the Widget Library.B . This isn’t supported, you have to exit...

March 27, 2022 No Comments READ MORE +

To create a BIOC rule with XQL query you must at a minimum filter on which field inorder for it to be a valid BIOC rule?

To create a BIOC rule with XQL query you must at a minimum filter on which field inorder for it to be a valid BIOC rule?A . causality_chainB . endpoint_nameC . threat_eventD . event_typeView AnswerAnswer: D Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

March 25, 2022 No Comments READ MORE +

What are two purposes of “Respond to Malicious Causality Chains” in a Cortex XDR Windows Malware profile? (Choose two.)

What are two purposes of “Respond to Malicious Causality Chains” in a Cortex XDR Windows Malware profile? (Choose two.)A . Automatically close the connections involved in malicious traffic.B . Automatically kill the processes involved in malicious activity.C . Automatically terminate the threads involved in malicious activity.D . Automaticallyblock the IP...

March 25, 2022 No Comments READ MORE +

Which statement is correct for the incident?

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate . Which statement is correct for the incident?A . It is true positive.B . It is false positive.C . It is a false negative.D . It is true negative.View AnswerAnswer:...

March 25, 2022 No Comments READ MORE +

When using the “File Search and Destroy” feature, which of the following search hash type is supported?

When using the “File Search and Destroy” feature, which of the following search hash type is supported?A . SHA256 hash of the fileB . AES256 hash of the fileC . MD5 hash of the fileD . SHA1 hash of the fileView AnswerAnswer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy.html

March 25, 2022 No Comments READ MORE +