SECOPS-PRO · Question #63

Question

A threat intelligence team produces a report on a new APT group known for targeting specific industry sectors using novel obfuscation techniques. This report includes IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures). How should this intelligence be integrated into an organization's incident categorization and prioritization process to maximize its impact?

Options

  • A. The IOCs should be immediately blocked at the firewall, and the TTPs added to a static incident
  • B. The IOCs should be used to create new detection rules with a 'Critical' severity, and the TTPs
  • C. The report should be circulated to all IT staff for awareness, and any alerts matching the IOCs
  • D. Only the IOCs should be ingested into the SIEM as watchlists, and TTPs should be ignored as
  • E. The intelligence should primarily be used for retrospective hunting exercises and not directly
