Page: 1
/ 7
Total 91 questions
In Cortex XDR management console scheduled reports can be forwarded to which of the following applications/services?
- A. Service Now
- B. Slack
- C. Salesforce
- D. Jira
Answer : B
Which type of IOC can you define in Cortex XDR?
- A. Source port
- B. Destination IP Address
- C. Destination IP Address:Destination
- D. Source IP Address
Answer : B
What is the action taken out by Managed Threat Hunting team for Zero Day Exploits?
- A. MTH runs queries and investigative actions and no further action is taken.
- B. MTH researches for threats in the logs and reports to engineering.
- C. MTH researches for threats in the tenant and generates a report with the findings.
- D. MTH pushes content updates to prevent against the zero day exploits.
Answer : C
What is an example of an attack vector for ransomware?
- A. A URL filtering feature enabled on a firewall
- B. Phishing emails containing malicious attachments
- C. Performing DNS queries for suspicious domains
- D. Performing SSL Decryption on an endpoint
Answer : B
What should you do to automatically convert leads into alerts after investigating a lead?
- A. Lead threats can't be prevented in the future because they already exist in the environment.
- B. Build a search query using Query Builder or XQL using a list of IOCs.
- C. Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
- D. Create BIOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
Answer : C
When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose two.)
- A. The prevention archive from the alert.
- B. The unique agent id.
- C. The distribution id of the agent.
- D. The agent technical support file.
- E. A list of all the current exceptions applied to the agent.
Answer : BD
Which function describes the removal of a specific file from its location on a local or removable drive to a protected folder to prevent the file from being executed?
- A. Search & destroy
- B. Quarantine
- C. Isolation
- D. Flag for removal
Answer : B
What is the maximum number of agents one Broker VM local agent applet can support?
- A. 10,000
- B. 15,000
- C. 5,000
- D. 20,000
Answer : C
Which of the following represents a common sequence of cyber attack tactics?
- A. Actions on the objective >> Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Installation >> Command & Control
- B. Installation >> Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Command & Control >> Actions on the objective
- C. Reconnaissance >> Installation >> Weaponisation & Delivery >> Exploitation >> Command & Control >> Actions on the objective
- D. Reconnaissance >> Weaponisation & Delivery >> Exploitation >> Installation >> Command & Control >> Actions on the objective
Answer : D
Which Exploit Protection Module (EPM) can be used to prevent attacks based on OS function?
- A. Memory Limit Heap Spray Check
- B. DLL Security
- C. UASLR
- D. JIT Mitigation
Answer : B
Which statement is correct based on the report output below?
- A. Forensic inventory data collection is enabled.
- B. 133 agents have full disk encryption.
- C. 3,297 total incidents have been detected.
- D. Host Inventory Data Collection is enabled.
Answer : D
Which search methods is supported by File Search and Destroy?
- A. File Search and Repair
- B. File Seek and Destroy
- C. File Search and Destroy
- D. File Seek and Repair
Answer : C
Which of the following Live Terminal options are available for Android systems?
- A. Run Android commands.
- B. Live Terminal is not supported.
- C. Run APK scripts.
- D. Stop an app.
Answer : B
What contains a logical schema in an XQL query?
- A. Field
- B. Bin
- C. Dataset
- D. Arrayexpand
Answer : C
30 days access 