Palo Alto Networks
SecOps-Pro
Q1:
A new incident in Cortex XSIAM contains WildFire malware and Behavioral Threat Protection (BTP) alerts about an unsigned process attempting to dump the memory of lsass.exe. Which initial verdict applies to this incident?
A. False positive
B. True positive
C. False negative
D. True negative
Q2:
Which two functions are allowed when stitching logs in Cortex XDR? (Choose two.)
A. Providing real-time threat prevention or remediation of threats
B. Creating granular BIOC and correlation rules
C. Enabling creation of custom scripts for remediation of security incidents
D. Running investigation queries based on combined network and endpoint events
Q3:
What is the Cortex XSOAR Marketplace?
A. Searchable collection of third-party playbooks and data models
B. Development environment for creating and sharing third-party integrations
C. Digital storefront where Cortex XSOAR training credits can be purchased and used
D. Built-in repository of installable content, including integrations and automations
Q4:
Why would a security engineer be unable to activate Cortex XDR analytics when configuring data sources and alert sensors during a Cortex XSIAM evaluation? (Choose one.)
A. The engineer needs to install the Analytics engine.
B. Pathfinder must be activated before turning on analytics.
C. Baseline requirements must be met before activating analytics.
D. The engineer still needs to activate the Identity Analytics engine.
Q5:
Which Cortex XSIAM feature uses machine learning to automatically group related alerts into a single, manageable incident to reduce alert fatigue?
A. XDM Mapping
B. Alert Stitching
C. Incident Stitching
D. Analytics Engine