Palo Alto Networks SecOps-Pro Exam Questions & Answers

Question 6 of 60

How is WildFire typically used by Cortex XDR?

A.

To serve as a cloud-based sandboxing and a malware analysis engine

B.

To build custom correlation rules using XQL

C.

To be an extension of the Unit 42 incident response team

D.

To display the compared artifacts with known bad SHA256 hashes

Question 7 of 60

During a sophisticated cyber attack, a company experiences a stealthy, multivector intrusion that evades detection by traditional security tools.
The company requires a solution that will correlate and analyze the disparate attack indicators across its network, endpoints, and cloud environments to uncover the full scope of the breach and take immediate automated response actions.
Which solution should be recommended?

A.

XDR

B.

SIEM

C.

EDR

D.

XSOAR

Question 8 of 60

Which Cortex XDR component raises an alert when suspicious activity composed of multiple events is detected and deviates from established baseline behavior?

A.

Analytics Engine

B.

Causality Analysis Engine

C.

XQL Query Engine

D.

Cloud Identity Engine

Question 9 of 60

A new incident in Cortex XSIAM contains WildFire malware and Behavioral Threat Protection (BTP) alertsout an unsigned process attempting to dump the memory of Isass.exe.
Which initial verdict applies to this incident?

A.

False positive

B.

True positive

C.

False negative

D.

True negative

Question 10 of 60

Where can an administrator begin to grant a new non-SSO user access to a Cortex XDR tenant?

A.

Cortex XDR tenant settings under Access Management

B.

Cortex Gateway

C.

Customer Support Portal

D.

IT Service Portal