PSE-Cortex Exam - Question 7


A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.

What would be the appropriate next step in the playbook?

Correct Answer: AC

After blocking a malicious URL found in an email, the next critical step would be to inform the CISO (Chief Information Security Officer) about the incident. This ensures that the organization's leadership is aware of the potential threat and can take necessary actions such as further investigation, response coordination, and communication with other stakeholders. Disabling the user's email account, confirming with the user, or changing the password are actions that depend on further assessment and instructions from the security team. Immediate notification to the CISO keeps the incident response process aligned with the organization's security policies and procedures.

Discussion

5 comments
TeachTrooper (Option: D)
Jun 5, 2024

I think C is not correct; it should be D.

f1b354a (Option: C)
Jun 26, 2024

Per the Cortex Help Center Documentation

5688ac9 (Option: C)
Jul 11, 2024

C is correct; the remediation options are search & delete email and block indicators.

garcem (Option: D)
Jul 14, 2024

I think D is correct.

garcem (Option: C)
Jul 14, 2024

The most appropriate next step is to email the user to confirm that the reported email was phishing. This confirmation is crucial for maintaining effective communication and ensuring proper incident handling.