XDR-ENGINEER Question #43: Real Exam Question with Answer & Explanation

Question

A Custom Prevention rule that was determined to be a false positive alert needs to be tuned. The behavior was determined to be authorized and expected on the affected endpoint. Based on the image below, which two steps could be taken? (Choose two.) [Image description: A Custom Prevention rule configuration, assumed to trigger a Behavioral Indicator of Compromise (BIOC) alert for authorized behavior]

Options

  • A. Apply an alert exception
  • B. Apply an alert exclusion to the XDR behavioral indicator of compromise (BIOC) alert
  • C. Apply an alert exclusion to the XDR agent alert
  • D. Modify the behavioral indicator of compromise (BIOC) logic
