Which type of IOC can you define in Cortex XDR?

A.

Destination IP Address

B.

Source IP Address

C.

Source port

D.

Destination IP Address: Destination

Which of the following policy exceptions applies to the following description?

‘An exception allowing specific PHP files’

A.

Support exception

B.

Local file threat examination exception

C.

Behavioral threat protection rule exception

D.

Process exception

When creating a BIOC rule, which XQL query can be used?

A.

dataset = xdr_data

| filter event_sub_type = PROCESS_START and

action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

B.

dataset = xdr_data

| filter event_type = PROCESS and

event_sub_type = PROCESS_START and

action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

C.

dataset = xdr_data

| filter action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

| fields action_process_image

D.

dataset = xdr_data

| filter event_behavior = true

event_sub_type = PROCESS_START and

action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex XDR from blocking this software in the future, for all endpoints in your organization?

A.

Create an individual alert exclusion.

B.

Create a global inclusion.

C.

Create an endpoint-specific exception.

D.

Create a global exception.

Cortex XDR is deployed in the enterprise and you notice a Cobalt Strike attack via an ongoing supply chain compromise was prevented on 1 server. What steps can you take to ensure the same protection is extended to all your servers?

A.

Conduct a thorough Endpoint Malware scan.

B.

Enable DLL Protection on all servers but there might be some false positives.

C.

Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.

D.

Create IOCs of the malicious files you have found to prevent their execution.

What is the maximum number of agents one Broker VM local agent applet can support?

A.

5,000

B.

10,000

C.

15,000

D.

20,000

When is the wss (WebSocket Secure) protocol used?

A.

when the Cortex XDR agent downloads new security content

B.

when the Cortex XDR agent uploads alert data

C.

when the Cortex XDR agent connects to WildFire to upload files for analysis

D.

when the Cortex XDR agent establishes a bidirectional communication channel