Palo Alto Networks
XDR-ENGINEER · Question #23
Question
During a recent internal purple team exercise, the following recommendation is given to the detection engineering team: Detect and prevent command line invocation of Python on Windows endpoints by non-technical business units. Which rule type should be implemented?
Options
- A. Analytics Behavioral Indicator of Compromise (ABIOC)
- B. Behavioral Indicator of Compromise (BIOC)
- C. Correlation
- D. Indicator of Compromise (IOC)