Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Which Cortex XDR capability allows for the immediate termination of a process discovered during investigation of a security event?

A.

file explorer

B.

Log stitching

C.

live sensor

D.

live terminal

What is the result of creating an exception from an exploit security event?

A.

Administrators are exempt from generating alerts for 24 hours.

B.

Process from WildFire analysis is whitelisted.

C.

Triggered exploit protection module (EPM) for the host and process involved is disabled.

D.

User is exempt from generating events for 24 hours.

How does DBot score an indicator that has multiple reputation scores?

A.

uses the most severe score scores

B.

the reputation as undefined

C.

uses the average score

D.

uses the least severe score

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

A.

the relevant shell

B.

The causality group owner

C.

the adversary's remote process

D.

the chain's alert initiator

Which source provides data for Cortex XDR?

A.

VMware NSX

B.

Amazon Alexa rank indicator

C.

Cisco ACI

D.

Linux endpoints

The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second Image? (Choose two.)

SUCCESS

A.

The modified scnpt was run in the wrong Docker image

B.

The modified script required a different parameter to run successfully.

C.

The dictionary was defined incorrectly in the second script.

D.

The modified script attempted to access a dictionary key that did not exist in the dictionary named "data”

Given the integration configuration and error in the screenshot what is the cause of the problem?

A.

incorrect instance name

B.

incorrect Username and Password

C.

incorrect appliance port

D.

incorrect server URL

Which two actions are required to add indicators to the whitelist? (Choose two.)

A.

Click "New Whitelisted Indicator" in the Whitelist page.

B.

Upload an external file named "whitelist" to the Whitelist page.

C.

Upload an external file named "whitelist" to the Indicators page.

D.

Select the indicators and click "Delete and Whitelist" in the Indicators page.

A prospective customer is interested in Cortex XDR but is enable to run a product evaluation.

Which tool can be used instead to showcase Cortex XDR?

A.

Test Flight

B.

War Game

C.

Tech Rehearsal

D.

Capture the Flag

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.

What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

A.

Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts.

B.

Have XSOAR automatically add the IP address to a deny rule in the firewall.

C.

Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall.

D.

Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP.