Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

A CISO has asked an engineer to create a custom dashboard in Cortex XSIAM that can be filtered to show incidents assigned to a specific user.

Which feature should be used to filter the incident data in the dashboard?

A.

Filters and inputs in the custom dashboard

B.

Report template to set the incident user filter

C.

Visualization filter options in the widget configuration

D.

Incident summary view to filter by user

Which type of parsing error is categorized in the dataset "parsing_rules_errors"?

A.

Compilation

B.

Unrecognized code

C.

Invalid syntax

D.

Data mismatch

While using the remote repository on a Development XSIAM tenant, which two objects can be pushed or pulled to the remote repository? (Choose two.)

A.

Scripts

B.

Parsing rules

C.

iLists

D.

Layouts

Which two requirements must be met for a Cortex XDR agent to successfully use the Broker VM as a download source for content updates? (Choose two.)

A.

Device Configuration profile applied to the XDR agent must specify the Broker VM as a Download Source.

B.

Agent Settings profile applied to the XDR agent must specify the Broker VM as a Download Source.

C.

Broker VM must be configured with an FQDN.

D.

XDR agent must authenticate to the Broker VM using a machine certificate.\

How will Cortex XSIAM help with raw log ingestion from third-party sources in an existing infrastructure?

A.

Any structured logs coming into it are left completely unchanged, and only metadata is added to the raw data.

B.

For structured logs, like CEF, LEEF, and JSON, it decouples the key-value pairs and saves them in table format.

C.

Any unstructured logs coming into it are left completely unchanged, and metadata is not added to the raw data.

D.

For unstructured logs, it decouples the key-value pairs and saves them in a table format.

A sub-playbook is configured to loop with a For Each Input. The following inputs are given to the sub-playbook:

Input x: W,X,Y,Z

Input y: a,b,c,d

Input z: 9

Which inputs will be used for the second iteration of the loop?

A.

a,b,c,d

B.

X,b,9

C.

X,b

D.

X,b,c

Which common issue can result in sudden data ingestion loss for a data source that was previously successful?

A.

Data source is using an unsupported data format.

B.

Data source has reached its maximum storage capacity.

C.

Data source has reached its end of life for support.

D.

API key used for the integration has expired.

A Cortex XSIAM engineer plans to add Kafka and Syslog Collectors to a Broker VM cluster.

What are two expected behaviors of the applets when they are added to the cluster? (Choose two.)

A.

Syslog Collector applet is automatically initiated, enters an active state on the primary node, and is on standby on the standby nodes.

B.

Kafka Collector applet is automatically initiated, enters an active state on the primary node, and is on standby on the standby nodes.

C.

Syslog Collector applet is active on all cluster nodes, including primary and standby.

D.

Kafka Collector applet is active on all cluster nodes, including primary and standby.

A Cortex XSIAM engineer is developing a playbook that uses reputation commands such as '!ip' to enrich and analyze indicators.

Which statement applies to the use of reputation commands in this scenario?

A.

If no reputation integration instance is configured, the '!ip' command will execute but will return no results.

B.

Reputation commands such as '!ip' will fail if the required reputation integration instance is not configured and enabled.

C.

The mapping flow for enrichment commands is disabled if extraction is set to "None."

D.

Enrichment data will not be saved to the indicator unless the extraction setting is manually configured in the playbook task.

Before initiating a malware scan action on a Linux workstation, an engineer notices that the Cortex XDR agent's operational status on the workstation is reporting as "partially protected." There have been no configuration changes made from the Cortex XSIAM server.

What are two explanations for this operational status? (Choose two.)

A.

The Linux endpoint is currently running 4.0 kernel version.

B.

The Linux endpoint's kernel modules failed to load due to unsupported kernel versions.

C.

The agent is outdated and requires an upgrade to the latest version to regain full protection.

D.

The agent was manually disabled on the endpoint by the user or an administrator.