Palo_Alto_Networks
SECOPS-PRO · Question #2
SECOPS-PRO Question #2: Real Exam Question with Answer & Explanation
The correct answer is B. True positive. Alerts from WildFire and Behavioral Threat Protection on an unsigned process dumping LSASS memory indicate malicious activity, making it a true positive.
Question
A new incident in Cortex XSIAM contains WildFire malware and Behavioral Threat Protection (BTP) alerts about an unsigned process attempting to dump the memory of lsass.exe. Which initial verdict applies to this incident?
Options
- A. False positive
- B. True positive
- C. False negative
- D. True negative
Explanation
Alerts from WildFire and Behavioral Threat Protection on an unsigned process dumping LSASS memory indicate malicious activity, making it a true positive.