Examice

Exam PCDRA All QuestionsBrowse all questions from this exam

Go to Exam

Question 39

Which of the following represents the correct relation of alerts to incidents?

Only alerts with the same host are grouped together into one Incident in a given time frame.

Alerts that occur within a three hour time frame are grouped together into one Incident.

Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.

Every alert creates a new Incident.

Correct Answer: C

Alerts with the same causality chains that occur within a given time frame are grouped together into an Incident. This grouping helps to manage and investigate related security events more efficiently by associating alerts that likely originate from the same root cause or attack chain.

Discussion

escarOption: C

Alerts on the same causality chain are grouped with the same incident if an open incident already exists. Otherwise, the new incoming alert will create a new incident. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Investigate-Incidents

FlkyOption: C

I vote C

abd1234Option: C

A is %100 wrong

ChiquitabanditaOption: C

found in the admin guide link

GGP23Option: C

I vote C

mogulmungiOption: C

I vote C

Davina07Option: C

I vote C