Which solution will minimize mean time to resolution (MTTR) when, as a result of previous malware infection, a company’s Windows endpoint is suffering a small amount of file corruption and modified registry keys?

Use remediation suggestions to restore the affected files and registry modifications.

Issue a new laptop from the help desk to expedite a clean system.

Use Live Terminal to connect to the machine and upload files to replace the corrupted files.

Use group policy objects to push new files and registry key changes to the endpoint.

With a Windows endpoint, what is required to remove the Cortex XDR agent when the endpoint is no longer online and cannot be managed directly from the management console?

An administrator must use Cytool to disable security protection on the endpoint with an uninstall password.

A Cortex XDR administrator must provide the end user with an offline removal tool created in the management console.

When running the uninstaller, the administrator must enter an uninstall password from the management console.

An administrator must disable the agent by opening the agent console from the system tray and entering a password.

What are two outcomes of threat intelligence in a SOC? (Choose two.)

Mitigation of potential risks to systems and data.

Identification and detection of known threat verdicts to improve company security posture.

Enablement of security operations teams to reduce workload through automation.

Reduction of the number of alerts observed in an incident.

What is the main difference between artificial intelligence (AI) and machine learning (ML) in cybersecurity?

ML enables machines to learn from data, while AI enables machines to mimic human cognitive functions.

AI and ML are interchangeable terms that refer to preprogrammed rules which can detect threats.

ML is a broader discipline that includes AI, which focuses solely on natural language processing.

AI is used for automating responses, while ML manages hardware and network infrastructure.

What is the Cortex XSOAR Marketplace?

Built-in repository of installable content, including integrations and automations.

Searchable collection of third-party playbooks and data models.

Development environment for creating and sharing third-party integrations.

Digital storefront where Cortex XSOAR training credits can be purchased and used.

Which two functions are allowed when stitching logs in Cortex XDR? (Choose two.)

Creating granular BIOC and correlation rules.

Running investigation queries based on combined network and endpoint events.

Providing real-time threat prevention or remediation of threats.

Enabling creation of custom scripts for remediation of security incidents.

Which two statements are relevant to reports in Cortex XDR? (Choose two.)

They can be sent in a password protected PDF version.

They can have an attached screenshot of an XQL query widget.

They can be automatically pushed to the corporate intranet.

They can use mock data for visualization.

What is enabled by Role Based Access Control (RBAC) in Cortex XDR?

Userility to manage Cortex XDR features based on job function.

Management of permissions and assignment of administrator access rights.

Automated response to detected threats based on user roles.

Granular control and visibility over network traffic policies based on user roles.

How does behavioral analytics differ from signature-based detection?

It analyzes deviations from normal behavior patterns.

It blocks only known malware hashes.

How does machine learning enhance detection in Security Operations?

By identifying behavioral anomalies from data patterns.

By relying exclusively on static signatures.

By automatically rewriting firewall rules.

By disabling false positives entirely.

Which activities are part of effective incident management? (Choose 2)

Prioritization based on impact.

What differentiates a script from a job in Cortex XSOAR?

Scripts perform single tasks, while jobs run scheduled automation tasks.

Scripts manage HA, jobs manage NAT.

Scripts configure firewalls, jobs update routing.

Scripts replace agents, jobs deploy hardware.

During a phishing investigation, an analyst identifies the same malicious domain in multiple alerts. Which step aligns with eradication?

Remove persistence mechanisms and block the domain.

3 - PALO ALTO SOP

Authored by Yohana Gracia Naomi

others

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which incident should a responder prioritize based on overall functional and informational impact to the company?

A user in the accounting department receives a pop-up message after visiting a website.

A public-facing web server has multiple failed login attempts over a short period of time.

An external-facing company website is currently unavailable.

A large upload of user data from an internal file server to a public website occurs.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which response action in Cortex XSIAM would be unavailable to a SOC analyst investigating an incident involving a Linux server?

File search and destroy.

Live Terminal session initiation.

Running a script.

Halting network access.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the role of content packs in Cortex XSOAR?

To provide rebuilt bundles for supporting security orchestration use cases.

To support technical support teams with relevant information required to troubleshoot.

To serve as a central location for installing, exchanging, and contributing content.

To serve as a major software versioning update.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which action should an administrator take to create automated response actions when a user account is compromised, allowing attacker to upload data to an external IP address and infect a machine on the company network with malware?

Create automation rules in Cortex XDR that will trigger for each alert.

Create a script in Cortex XSOAR that will run a playbook based on the scenario.

Create playbook triggers in Cortex XSIAM and run playbooks for each alert.

Map the events as type of Cortex XSOAR incident, then run a playbook.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two statements apply to creating scripts in Cortex XSOAR? (Choose two.)

They can be protected using a password.

They can be scheduled to run at a later time and day.

They can be written using Java.

They can be executed with higher permissions.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two roles can access data model rules in Cortex XSIAM? (Choose two.)

Account admin.

Deployment admin.

Instance administrator.

IT administrator.

MULTIPLE SELECT QUESTION

30 sec • 1 pt

Which two types of tasks are supported in Cortex XSIAM playbooks? (Choose two.)

Sub-playbook.

Script creation.

Conditional.

Data collection.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

10 questions

Main Idea and Supporting Details

Quiz

•

3rd - 6th Grade

20 questions

Math Review

Quiz

•

3rd Grade

14 questions

25-26 SY 8th Grade EOY Benchmark

Quiz

•

8th Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Math Review

Quiz

•

6th Grade

20 questions

Context Clues

Quiz

•

6th Grade

21 questions

EOY Grade 6 Benchmark Assessment - Content Skills

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

Discover more resources for others

10 questions

Main Idea and Supporting Details

Quiz

•

3rd - 6th Grade

20 questions

Math Review

Quiz

•

3rd Grade

14 questions

25-26 SY 8th Grade EOY Benchmark

Quiz

•

8th Grade

15 questions

Fast food

Quiz

•

7th Grade

20 questions

Math Review

Quiz

•

6th Grade

20 questions

Context Clues

Quiz

•

6th Grade

21 questions

EOY Grade 6 Benchmark Assessment - Content Skills

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

3 - PALO ALTO SOP

Which incident should a responder prioritize based on overall functional and informational impact to the company?

Which response action in Cortex XSIAM would be unavailable to a SOC analyst investigating an incident involving a Linux server?

What is the role of content packs in Cortex XSOAR?

Which action should an administrator take to create automated response actions when a user account is compromised, allowing attacker to upload data to an external IP address and infect a machine on the company network with malware?

Which two statements apply to creating scripts in Cortex XSOAR? (Choose two.)

Which two roles can access data model rules in Cortex XSIAM? (Choose two.)

Which two types of tasks are supported in Cortex XSIAM playbooks? (Choose two.)

Which scripting language would create a custom widget in Cortex XDR that shows the top five accounts with failed Windows logons in the past 24 hours?

Which solution will minimize mean time to resolution (MTTR) when, as a result of previous malware infection, a company’s Windows endpoint is suffering a small amount of file corruption and modified registry keys?

With a Windows endpoint, what is required to remove the Cortex XDR agent when the endpoint is no longer online and cannot be managed directly from the management console?

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for others