Exam PSE-Cortex
Question 4

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.

What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

    Correct Answer: C

    The best method to block an IP address involved in command-and-control (C2) traffic without requiring a configuration change on the firewall is to have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall. EDLs are lists that can be dynamically updated and referenced by firewall policies to block or allow traffic. This method allows the firewall to automatically update its blocking rules based on the latest threat intelligence without needing manual configuration changes.

Discussion
5688ac9
Option: C

C is correct