Question 6 of 96

What license would be required for ingesting external logs from various vendors?
Suggested Answer

The suggested answer is C.

To ingest external logs from various vendors, a Cortex XDR Pro per TB license is required. This licensing model is tailored for handling large volumes of data, making it suitable for processing logs from multiple external sources.

Community votes (2 votes): C (suggested) 50%, B 50%
Question 7 of 96

An attacker tries to load dynamic libraries on macOS from an insecure location. Which Cortex XDR module can prevent this attack?
Suggested Answer

The suggested answer is D.

The Cortex XDR module that can prevent an attacker from loading dynamic libraries on macOS from an insecure location is 'Dylib Hijacking.' This specific module is designed to counteract dylib-hijacking attacks, where an attacker tries to exploit dynamic library loading mechanisms by injecting malicious libraries from insecure locations to gain control over a process. The name directly indicates its purpose related to dynamic libraries, making it the correct choice.

Community votes (6 votes): D (suggested) 100%
Question 8 of 96

What is the purpose of the Unit 42 team?
Suggested Answer

The suggested answer is C.

The purpose of the Unit 42 team is to focus on threat research, malware analysis, and threat hunting. Unit 42 is known for its efforts in understanding and mitigating cybersecurity threats, providing valuable insights through their research and reports.

Community votes (1 vote): C (suggested) 100%
Question 9 of 96

Which type of IOC can you define in Cortex XDR?
Suggested Answer

The suggested answer is C.

In Cortex XDR, an Indicator of Compromise (IOC) can be defined using various static artifacts that are considered malicious or suspicious. One such type of IOC is the full path, which helps in identifying potentially harmful files based on their location in the file system. This option aligns with the listed criteria for defining IOCs in the context of cybersecurity.

Community votes (6 votes): C (suggested) 100%
Question 10 of 96

When viewing the incident directly, what is the “assigned to” field value of a new Incident that was just reported to Cortex?
Suggested Answer

The suggested answer is C.

When a new incident is reported to Cortex, the 'assigned to' field value is 'Unassigned'. This is because the incident has not yet been assigned to any user for investigation. Incidents that have not been assigned are typically marked as 'Unassigned' until an analyst is specifically assigned to handle the case.

Community votes (5 votes): C (suggested) 100%