
SECOPS-PRO · Question #61


Question

A Security Operations Center (SOC) using Palo Alto Networks XSOAR for incident management receives a high volume of alerts daily. An analyst is tasked with prioritizing incidents related to potential data exfiltration. Which of the following incident categorization criteria, when combined, would MOST effectively facilitate accurate prioritization for data exfiltration incidents, considering both technical indicators and business impact?

Options

  • A. Source IP Geolocation and Destination Port. While useful, these alone may not capture the full
  • B. Threat Intelligence Feed Match (e.g., C2 IP from Unit 42) and Affected Asset Criticality (e.g.,
  • C. Time of Day and User Department. These are primarily contextual and less indicative of
  • D. Alert Volume from a specific sensor and Protocol Used. Alert volume can be misleading, and
  • E. File Hash Reputation (WildFire) and Endpoint OS Version. File hash is good for malware, but OS
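As an added illustration, not part of the exam item and not Palo Alto Networks' or XSOAR's own code, the Python below scores a handful of constructed exfiltration alerts by pairing a technical indicator (destination IP matches a threat-intelligence C2 feed) with business impact (criticality tier of the affected asset), with outbound volume allowed only as a capped modifier. The feed contents, asset inventory, point weights, thresholds and the 1..4 Low..Critical severity scale are all assumptions for the example; it runs stand-alone with no XSOAR API calls, and in XSOAR the equivalent logic would normally live in an automation that sets incident severity.

```python
"""Toy prioritisation model for data-exfiltration alerts (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address

MB = 1024 * 1024

# Constructed threat-intel feed of C2 destinations (RFC 5737 documentation addresses).
C2_INDICATORS = {"203.0.113.10", "198.51.100.7"}

# Constructed asset inventory: hostname -> criticality tier, 1 = most critical.
ASSET_CRITICALITY = {
    "db-prod-01": 1,
    "fileshare-hr": 2,
    "dev-laptop-17": 4,
    "kiosk-lobby": 4,
}
TIER_POINTS = {1: 40, 2: 30, 3: 15, 4: 5}  # assumed weights


@dataclass(frozen=True)
class Alert:
    alert_id: str
    src_host: str   # internal asset that generated the outbound traffic
    dst_ip: str     # external destination
    dst_port: int
    bytes_out: int  # outbound bytes observed in the session


def ti_points(alert: Alert) -> int:
    """Technical indicator: 40 points when the destination is a known C2 IP."""
    ip_address(alert.dst_ip)  # malformed IPs raise ValueError instead of silently scoring 0
    return 40 if alert.dst_ip in C2_INDICATORS else 0


def asset_points(alert: Alert) -> int:
    """Business impact: points from the affected asset's criticality tier.

    Hosts missing from the inventory fall to the lowest tier, so an incomplete
    inventory can under-prioritise but never inflate a score.
    """
    return TIER_POINTS[ASSET_CRITICALITY.get(alert.src_host, 4)]


def volume_points(alert: Alert) -> int:
    """Outbound volume is a weak modifier: 10 points per 50 MB, capped at 30.

    The cap keeps a large transfer from an unimportant host below a C2 hit
    on a critical asset; volume alone should not drive the ranking.
    """
    return min(30, (alert.bytes_out // (50 * MB)) * 10)


def score(alert: Alert) -> int:
    return ti_points(alert) + asset_points(alert) + volume_points(alert)


def severity(total: int) -> int:
    """Map a score to an assumed 1..4 scale (1 = Low, 2 = Medium, 3 = High, 4 = Critical)."""
    if total >= 80:
        return 4
    if total >= 60:
        return 3
    if total >= 40:
        return 2
    return 1


def prioritize(alerts):
    """Return (alert_id, score, severity) tuples, highest priority first."""
    rows = [(a.alert_id, score(a), severity(score(a))) for a in alerts]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample alerts.
SAMPLE_ALERTS = [
    Alert("A1", "dev-laptop-17", "203.0.113.10", 443, 5 * MB),    # C2 hit, low-value asset
    Alert("A2", "db-prod-01", "198.51.100.7", 443, 200 * MB),     # C2 hit, crown-jewel asset
    Alert("A3", "db-prod-01", "192.0.2.50", 443, 60 * MB),        # no TI hit, crown-jewel asset
    Alert("A4", "kiosk-lobby", "192.0.2.60", 443, 900 * MB),      # huge volume, throwaway asset
]

if __name__ == "__main__":
    for alert_id, total, sev in prioritize(SAMPLE_ALERTS):
        print(f"{alert_id}: score={total} severity={sev}")
```

With these weights A2 (C2 destination from the production database host) ranks first at Critical, while A4, the alert with by far the largest outbound volume, ranks last, which is the behaviour a prioritisation scheme wants when a single technical metric such as volume could otherwise crowd out business context.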
