Examice

Exam PSE-Cortex All QuestionsBrowse all questions from this exam

Go to Exam

Question 27

Which statement applies to the malware protection flow in Cortex XDR Prevent?

Local static analysis happens before a WildFire verdict check.

In the final step, the block list is verified.

A trusted signed file is exempt from local static analysis.

Hash comparisons come after local static analysis.

Correct Answer: C

A trusted signed file is exempt from local static analysis. In Cortex XDR Prevent, if a file is signed by a trusted signer, the agent permits the file to run without performing additional analysis. This is because the trust in the signer's reputation allows the system to bypass further checks.

Discussion

TeachTrooperOption: C

C should be correct

garcemOption: C

C is Correct, in local analysis, if the file is signed by a known signer, the Cortex XDR agent permits the file to run and does not perform additional analysis. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/File-Analysis-and-Protection-Flow

5688ac9Option: C

C is correct