Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?
A. Security Manager Dashboard
B. Data Ingestion Dashboard
C. Security Admin Dashboard
D. Incident Management Dashboard
An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?
A. DDL Security
B. Hot Patch Protection
C. Kernel Integrity Monitor (KIM)
D. Dylib Hijacking
What is the purpose of the Unit 42 team?
A. Unit 42 is responsible for automation and orchestration of products
B. Unit 42 is responsible for the configuration optimization of the Cortex XDR server
C. Unit 42 is responsible for threat research, malware analysis and threat hunting
D. Unit 42 is responsible for the rapid deployment of Cortex XDR agents
Which of the following engines in Cortex XDR determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?
A. Sensor Engine
B. Causality Analysis Engine
C. Log Stitching Engine
D. Causality Chain Engine
When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)
A. Assign incidents to an analyst in bulk.
B. Change the status of multiple incidents.
C. Investigate several Incidents at once.
D. Delete the selected Incidents.
Which of the following is an example of a successful exploit?
A. Connecting unknown media to an endpoint that copied malware due to Autorun.
B. A user executing code which takes advantage of a vulnerability on a local service.
C. Identifying vulnerable services on a server.
D. Executing a process executable for well-known and signed software.
Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
A. Find the Malware profile attached to the endpoint; under Portable Executable and DLL Examination, add the hash to the allow list.
B. From the rules menu select new exception, fill out the criteria, choose the scope to apply it to, hit save.
C. Find the exceptions profile attached to the endpoint, under process exceptions select local analysis, paste the hash and save.
D. In the Action Center, choose Allow list, select new action, select add to allow list, add your hash to the list, and apply it.
A. Enable DLL Protection on all endpoints but there might be some false positives.
B. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
C. No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.
D. No step is required because the malicious document is already stopped.
When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?
A. Remediation Automation
B. Machine Remediation
C. Automatic Remediation
D. Remediation Suggestions
What is the function of WildFire for Cortex XDR?
A. WildFire runs in the cloud and analyses alert data from the XDR agent to check for behavioural threats.
B. WildFire is the engine that runs on the local agent and determines whether behavioural threats are occurring on the endpoint.
C. WildFire accepts and analyses a sample to provide a verdict.
D. WildFire runs entirely on the agent to quickly analyse samples and provide a verdict.