XDR-ANALYST Exam Questions
105 real XDR-ANALYST exam questions with expert-verified answers and explanations. Page 2 of 3.
- Question #51
What license would be required for ingesting external logs from various vendors?
- Question #52
An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?
- Question #53
What is the purpose of the Unit 42 team?
- Question #54
Which Type of IOC can you define in Cortex XDR?
- Question #55
When viewing the incident directly, what is the "assigned to" field value of a new Incident that was just reported to Cortex?
- Question #56
In incident-related widgets, how would you filter the display to only show incidents that were "starred"?
- Question #57
Where would you view the WildFire report in an incident?
- Question #58
What does the following output tell us?
- Question #59
Which engine, of the following, in Cortex XDR determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?
- Question #60
What occurs if a lookup table referenced in an XQL query is deleted from Cortex XDR?
- Question #61
What is the main benefit of using the Query Library in Cortex XDR?
- Question #62
What are two key characteristics of alerts generated from third-party integrations in Cortex XDR?
- Question #63
What is the primary purpose of Host Insights in Cortex XDR?
- Question #64
When is the wss (WebSocket Secure) protocol used?
- Question #65
With a Cortex XDR Prevent license, which objects are considered to be sensors?
- Question #66
Which license is required when deploying Cortex XDR agent on Kubernetes Clusters as a DaemonSet?
- Question #67
What kind of threat typically encrypts user files?
- Question #68
When using the "File Search and Destroy" feature, which of the following search hash types is supported?
- Question #69
If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?
- Question #70
What is by far the most common tactic used by ransomware to shut down a victim's operation?
- Question #71
Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CK™ techniques.
- Question #72
When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)
- Question #73
A file is identified as malware by the Local Analysis module whereas the WildFire verdict is Benign. Assuming WildFire is accurate, which statement is correct for the incident?
- Question #74
In Cortex XDR, what action is taken once an incident is confirmed as benign?
- Question #75
Which of the following are valid use cases for using XQL in Cortex XDR? (Choose two)
- Question #76
Why is it important to regularly update Cortex XDR agents?
- Question #77
When reaching out to TAC for additional technical support related to a Security Event, what are two critical pieces of information you need to collect from the Agent? (Choose two.)
- Question #78
What types of actions can you execute with a live terminal session?
- Question #79
Which version of Python is used in the live terminal?
- Question #80
What kind of malware uses encryption, data theft, denial of service, and possibly harassment to take advantage of a victim?
- Question #81
Which function describes the removal of a specific file from its location on a local or removable drive to a protected folder to prevent the file from being executed?
- Question #82
To stop a network-based attack, any interference with a portion of the attack pattern is enough to prevent it from succeeding. Which statement is correct regarding the Cortex XDR A...
- Question #83
Cortex XDR is deployed in the enterprise and you notice a cobalt strike attack via an ongoing supply chain compromise was prevented on 1 server. What steps can you take to ensure t...
- Question #84
What is the difference between presets and datasets in XQL?
- Question #85
What should you do to automatically convert leads into alerts after investigating a lead?
- Question #86
Which type of IOC can you define in Cortex XDR?
- Question #87
Which of the following Live Terminal options are available for Android systems?
- Question #88
Which search methods are supported by File Search and Destroy?
- Question #89
What is the primary purpose of using lookup tables in Cortex XDR?
- Question #90
Which reports can be generated or scheduled from the Cortex XDR dashboard? (Choose two)
- Question #91
What are two purposes of using the Pre-defined Query Builder Template in Cortex XDR? (Choose two)
- Question #92
Which features are supported by scheduled queries in Cortex XDR? (Choose two)
- Question #93
Which statement accurately describes the purpose of the Cortex XDR dashboard?
- Question #94
When conducting threat hunting using IOC data, what actions are typically taken? (Choose two)
- Question #95
Which two elements are part of alert evidence in Cortex XDR? (Choose two)
- Question #96
Phishing belongs to which of the following MITRE ATT&CK tactics?
- Question #97
When creating a BIOC rule, which XQL query can be used?
- Question #98
Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?
- Question #99
What are two purposes of "Respond to Malicious Causality Chains" in a Cortex XDR Windows Malware profile? (Choose two.)
- Question #100
When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?