SECOPS-PRO Exam Questions
80 real SECOPS-PRO exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Which component of Cortex XDR is designed to detect insider threats?
- Question #2
A new incident in Cortex XSIAM contains WildFire malware and Behavioral Threat Protection (BTP) alerts about an unsigned process attempting to dump the memory of lsass.exe. Which init...
- Question #3
A file hash is evaluated in Cortex XSOAR by using two unique threat feeds: - VirusTotal feed (rating of B - usually reliable) and the file verdict is malicious - AlienVault feed (rat...
- Question #4
A customer is investigating a security incident in which unusual network traffic is observed and a malicious process is identified on an endpoint. Which Cortex XDR capability assis...
- Question #5
Where can an administrator begin to grant a new non-SSO user access to a Cortex XDR tenant?
- Question #6
Where can the actions taken to stitch alerts together in Cortex XSIAM be viewed?
- Question #7
What determines the indicator layout displayed and the scripts that will run on an indicator of compromise (IOC) in Cortex XSIAM?
- Question #8
Which action is performed as the final step of the NIST incident response plan?
- Question #9
What is the purpose of incident types in Cortex XSOAR?
- Question #10
Which activities are facilitated through the War Room in Cortex XSOAR?
- Question #11
What are the primary functions of the Causality Analysis Engine in Cortex XDR?
- Question #12
How do indicator verdicts in Cortex XSOAR assist analysts in threat detection and response efforts?
- Question #13
What is the function of a Causality View?
- Question #14
What is a primary responsibility of an incident responder in a SOC?
- Question #15
How do sensors function in Cortex XSIAM?
- Question #16
In which scenario would an organization benefit from Cortex XDR compared to an EDR solution?
- Question #17
What does the analytics engine use to compare an entity to itself across different time periods using statistical methods?
- Question #18
Which action is the responsibility of the SOC manager?
- Question #19
What role does incident response play in handling cybersecurity incidents?
- Question #20
What is the expected behavior when an endpoint is isolated in Cortex XSIAM?
- Question #21
Which two statements apply to creating scripts in Cortex XSOAR? (Choose two.)
- Question #22
Which two roles can access data model rules in Cortex XSIAM? (Choose two.)
- Question #23
Which two types of tasks are supported in Cortex XSIAM playbooks? (Choose two.)
- Question #24
Which scripting language would create a custom widget in Cortex XDR that shows the top five accounts with failed Windows logons in the past 24 hours?
- Question #25
Which solution will minimize mean time to resolution (MTTR) when, as a result of previous malware infection, a company's Windows endpoint is suffering a small amount of file corrup...
- Question #26
With a Windows endpoint, what is required to remove the Cortex XDR agent when the endpoint is no longer online and cannot be managed directly from the management console?
- Question #27
Which sensor is used by Cortex XSIAM to identify and collect DNS queries, HTTP header, and DHCP information?
- Question #28
What are two outcomes of threat intelligence in a SOC? (Choose two.)
- Question #29
Which MITRE enterprise tactic will provide more information on the technique used by a threat actor who has successfully used PsExec to upload files to an internal server from a co...
- Question #30
What is the main difference between artificial intelligence (AI) and machine learning (ML) in cybersecurity?
- Question #31
What is the WildFire verdict on a sample that does not pose a direct security threat, but is shown to display obtrusive behavior?
- Question #32
What is the Cortex XSOAR Marketplace?
- Question #33
Which two functions are allowed when stitching logs in Cortex XDR? (Choose two.)
- Question #34
Which two statements are relevant to reports in Cortex XDR? (Choose two.)
- Question #35
What is enabled by Role Based Access Control (RBAC) in Cortex XDR?
- Question #36
What are two ways a security team assigns priority to security incidents in Cortex XDR? (Choose two.)
- Question #37
A custom PowerShell command is detected by Cortex XDR as a behavioral threat, and the administrator has confirmed it as a false positive. What is the most operationally efficient w...
- Question #38
An analyst investigating an incident using Cortex XSIAM confirms that the files involved are not malware, but wants to determine if the incident is a genuine threat or a false posi...
- Question #39
What is involved in the day-to-day role of a triage specialist?
- Question #40
Which two steps belong in the Cortex XSOAR incident lifecycle? (Choose two.)
- Question #41
What can be used to triage and determine if an artifact in Cortex XDR is malicious?
- Question #42
What is a benefit of using Unit 42 threat intelligence during a ransomware attack?
- Question #43
Which function eliminates the need for manual analysis in an organization with multiple data sensors?
- Question #44
How can an administrator run a Cortex XSOAR playbook regularly at a specific time and day of the week?
- Question #45
Which predefined role in the Cortex XDR tenant can view and triage incidents?
- Question #46
A security auditor must ensure adherence to which two regulatory compliance frameworks when reviewing a financial institution's data protection policies? (Choose two.)
- Question #47
How is WildFire typically used by Cortex XDR?
- Question #48
Which attribute is an advantage of SOAR over SIEM?
- Question #49
Which SOC tool allows an organization to aggregate logs from various sources for compliance, reporting, dashboarding, and threat hunting?
- Question #50
Which task should a threat hunter include in the investigation when a Cortex XDR incident contains alerts about a malicious process?