nerdexam
Palo_Alto_Networks

PCCSE · Question #182

Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both

The correct answer is B. Aggressive. In Prisma Cloud Anomaly settings, the 'Aggressive' disposition generates both low and high severity alerts, casting the widest detection net. This is required when you want to catch account hijacking signals such as logins from an unknown browser/OS combination or impossible trav

Security Operations and Incident Response

Question

Which alert deposition severity must be chosen to generate low and high severity alerts in the Anomaly settings when user wants to report on an unknown browser and OS, impossible time travel, or both due to account hijacking attempts?

Options

  • AHigh
  • BAggressive
  • CModerate
  • DConservative

How the community answered

(38 responses)
  • A
    3% (1)
  • B
    89% (34)
  • C
    5% (2)
  • D
    3% (1)

Explanation

In Prisma Cloud Anomaly settings, the 'Aggressive' disposition generates both low and high severity alerts, casting the widest detection net. This is required when you want to catch account hijacking signals such as logins from an unknown browser/OS combination or impossible travel (geographically implausible logins in a short timeframe). Conservative generates only high-severity alerts, Moderate is in between, and High is not a valid disposition option in this context.

Topics

#Anomaly Detection#User Behavior Analytics#Account Takeover Protection#Alert Configuration

Community Discussion

No community discussion yet for this question.

Full PCCSE Practice