Examice

Exam PCDRA All QuestionsBrowse all questions from this exam

Question 62

What should you do to automatically convert leads into alerts after investigating a lead?

Lead threats can't be prevented in the future because they already exist in the environment.

Build a search query using Query Builder or XQL using a list of IOCs.

Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.

Create BIOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.

Correct Answer: D

To automatically convert leads into alerts after investigating a lead, you should create BIOC (Behavioral Indicators of Compromise) rules based on the set of collected attribute-value pairs over the affected entities concluded during the lead hunting. BIOCs are more dynamic and behavior-oriented than static IOCs (Indicators of Compromise), making them more effective in identifying and responding to potential threats in the future.

Discussion

kareem101Option: D

I believe this should be D. Leads are not static IOCs. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Research-a-Known-Threat#:~:text=Inspect%20the%20information%20again%2C%20and%20identify%20any%20characteristics%20you%20can%20use%20to%20Create%20a%20BIOC%20Rule%20or%20Create%20a%20Correlation%20Rule.

ChiquitabanditaOption: D

Create BIOC rules based on the set of attribute-value pairs to automatically convert the leads into alerts.