SECOPS-PRO Question #67: Real Exam Question with Answer & Explanation
Question
During a forensic investigation using Cortex XDR, an analyst discovers a persistent backdoor communicating with an external IP address (192.0.2.100). The analyst needs to quickly determine if this IP address is associated with known malicious activity and implement a preventative measure. Which of the following actions, leveraging Cortex products, would be the most efficient and comprehensive approach?
Options
- A. Manually add 192.0.2.100 to a custom Block List on the Next-Generation Firewall (NGFW) and
- B. Utilize Cortex XSOAR to orchestrate a lookup of 192.0.2.100 against multiple integrated threat
- C. Initiate a 'Live Response' session in Cortex XDR on affected endpoints to block outbound
- D. Perform a 'Packet Capture' in Cortex XDR for all traffic to and from 192.0.2.100 to gather more
- E. Create a new 'Alert Rule' in Cortex XDR specifically for connections to 192.0.2.100 to monitor