XDR-ENGINEER Question #26: Real Exam Question with Answer & Explanation

The correct answer is D: dataset = xdr_data | filter event_type = ENUM.PROCESS and action_process_image_name = (the option text is truncated on this page). A BIOC rule is created by saving an XQL query that filters the xdr_data dataset on a single supported event type, and only a BIOC rule built on process events can afterwards be converted into a custom prevention rule, because prevention acts on the process the rule matches. Option D is the only query that filters on ENUM.PROCESS alone and names the process image. Option A filters on ENUM.DEVICE, a device event rather than a process event. Option B requires event_type to equal both ENUM.PROCESS and ENUM.DEVICE in the same event, which no event can satisfy, so the rule would never match. Option C is a file-event query and also writes event_type = FILE without the ENUM. prefix that XQL uses for enum comparisons.

Question

Which XQL query can be saved as a behavioral indicator of compromise (BIOC) rule, then converted to a custom prevention rule?

Options

  • A. dataset = xdr_data | filter event_type = ENUM.DEVICE and action_process_image_name = "**" and
  • B. dataset = xdr_data | filter event_type = ENUM.PROCESS and event_type = ENUM.DEVICE and
  • C. dataset = xdr_data | filter event_type = FILE and (event_sub_type = FILE_CREATE_NEW or
  • D. dataset = xdr_data | filter event_type = ENUM.PROCESS and action_process_image_name =
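The options above are cut off, so the following is an added, complete XQL query of the shape option D describes; it is an illustration written for this page, not the exam's own answer text or a query from Palo Alto Networks documentation. The process name and the command-line substring are assumed values chosen for the example.

```xql
// Added example (not from the exam): a process-based query that can be saved as a BIOC rule
// and later converted to a custom prevention rule. One event type only (ENUM.PROCESS),
// the process image is named, and the query stays a single filter stage so it maps cleanly
// onto a BIOC. "powershell.exe" and "-enc" are assumed example values.
dataset = xdr_data
| filter event_type = ENUM.PROCESS
    and action_process_image_name = "powershell.exe"
    and action_process_image_command_line contains "-enc"
```

Contrast this with option B: adding a second event_type condition (and event_type = ENUM.DEVICE) would make the filter unsatisfiable, and the rule would never fire. When saving the query as a BIOC, check that it returns the expected process events in Query Builder first; a rule that matches nothing cannot be validated as a prevention rule either.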
