PSE-Cortex Exam Questions - Online Test



Certleader PSE-Cortex questions are updated and all PSE-Cortex answers are verified by experts. Once you have completely prepared with our PSE-Cortex exam prep kits you will be ready for the real PSE-Cortex exam without a problem. We have a refreshed Paloalto-Networks PSE-Cortex dumps study guide. Passed PSE-Cortex on the first attempt! Here is what I did.

Free PSE-Cortex Demo Online For Paloalto-Networks Certification:

NEW QUESTION 1
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

  • A. Vendor
  • B. Type
  • C. Using
  • D. Brand

Answer: A

NEW QUESTION 2
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

  • A. "Close" Incident Form
  • B. Incident Summary
  • C. Incident Quick View
  • D. "New"/"Edit" Incident Form

Answer: BC

NEW QUESTION 3
Which four types of Traps logs are stored within Cortex Data Lake?

  • A. Threat, Config, System, Data
  • B. Threat, Config, System, Analytic
  • C. Threat, Monitor, System, Analytic
  • D. Threat, Config, Authentication, Analytic

Answer: B

NEW QUESTION 4
When analyzing logs for indicators, which are used for only BIOC identification?

  • A. observed activity
  • B. artifacts
  • C. techniques
  • D. error messages

Answer: C

NEW QUESTION 5
How does DBot score an indicator that has multiple reputation scores?

  • A. uses the most severe score
  • B. the reputation as undefined
  • C. uses the average score
  • D. uses the least severe score

Answer: A

NEW QUESTION 6
An Administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two)

  • A. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
  • B. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
  • C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
  • D. Contact support and ask for a security exception.

Answer: BC

NEW QUESTION 7
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three)

  • A. alert root cause
  • B. hostname
  • C. domain/workgroup membership
  • D. OS
  • E. presence of Flash executable

Answer: BCD

NEW QUESTION 8
How many use cases should a POC success criteria document include?

  • A. only 1
  • B. 3 or more
  • C. no more than 5
  • D. no more than 2

Answer: A

NEW QUESTION 9
What is the result of creating an exception from an exploit security event?

  • A. Whitelists the process from WildFire analysis
  • B. exempts the user from generating events for 24 hours
  • C. exempts administrators from generating alerts for 24 hours
  • D. disables the triggered EPM for the host and process involved

Answer: D

NEW QUESTION 10
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

  • A. Live Sensors
  • B. File Explorer
  • C. Log Stitching
  • D. Live Terminal

Answer: D

NEW QUESTION 11
What method does the Traps agent use to identify malware during a scheduled scan?

  • A. Heuristic analysis
  • B. Local analysis
  • C. Signature comparison
  • D. WildFire hash comparison and dynamic analysis

Answer: D

NEW QUESTION 12
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

  • A. the relevant shell
  • B. The causality group owner
  • C. the adversary's remote process
  • D. the chain's alert initiator

Answer: B

NEW QUESTION 13
Which two formats are supported by Whitelist? (Choose two)

  • A. Regex
  • B. STIX
  • C. CSV
  • D. CIDR

Answer: AD

NEW QUESTION 14
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two)

  • A. Response > Action Center
  • B. the local console
  • C. Telnet
  • D. Endpoint > Endpoint Management

Answer: AD

NEW QUESTION 15
Which option is required to prepare the VDI Golden Image?

  • A. Configure the Golden Image as a persistent VDI
  • B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
  • C. Install the Cortex XDR Agent on the local machine
  • D. Run the Cortex VDI conversion tool

Answer: B

NEW QUESTION 16
Which CLI query would bring back Notable Events from Splunk?
[Options A through D were presented as exhibit images, which are not reproduced here.]

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: D

NEW QUESTION 17
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake. Where would the user configure the ratio of storage for each log type?

  • A. Within the TMS, create an agent settings profile and modify the Disk Quota value
  • B. It is not possible to configure Cortex Data Lake quota for specific log types.
  • C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
  • D. Write a GPO for each endpoint agent to check in less often

Answer: C

NEW QUESTION 18
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. add paloaltonetworks.com to the SSL Decryption Exclusion list
  • B. enable SSL decryption
  • C. disable SSL decryption
  • D. reinstall the root CA certificate

Answer: D
