NerdExam · Palo Alto Networks

SECOPS-PRO · Question #68

SECOPS-PRO Question #68: Real Exam Question with Answer & Explanation


Question

A sophisticated APT group is observed using a custom, polymorphic malware variant. The only consistent indicator found across initial compromises is the use of a unique, newly registered domain (evil-command-control.xyz) for C2 communications, which is not yet widely known to public threat intelligence feeds. The security team needs to rapidly operationalize this domain indicator within their Cortex ecosystem for both prevention and detection.

Options

  • A. Submit the domain to WildFire for analysis and await a verdict, then manually create a custom
  • B. Ingest the domain into a custom 'Threat Intelligence Feed' within Cortex XSOAR, which then
  • C. Leverage Cortex XDR's 'Indicator Management' to directly import the domain. This will
  • D. Modify the existing 'DNS Security Policy' on the NGFW to block all queries to .xyz top-level
  • E. Create a custom 'AutoFocus Profile' for the domain evil-command-control.xyz and then use
