최신Palo Alto Networks Security Operations Professional - SecOps-Pro무료샘플문제

A. ML focuses on structured, high-volume data processing, whereas AI is dedicated to unstructured data, such as security logs and threat intelligence reports.

B. AI refers to the historical approach of using predefined, signature-based rules, while ML represents the modern shift toward unsupervised anomaly detection.

C. AI is the science of simulating human intelligence, whereas ML allows a system to learn and improve from experience without programming.

D. AI is a subfield of ML that specifically handles data labeling and feature engineering for deep learning algorithms.

A. Correlation rules

B. Identity Analytics

C. Log stitching

D. Pathfinder

A. Implement an on-premise WildFire appliance or subscribe to WildFire cloud for dynamic analysis, leveraging its proprietary threat intelligence feed.

B. Purchase commercial antivirus software with signature-based detection, as it is more effective against evasive malware.

C. Increase the frequency of VirusTotal API queries and integrate more community-contributed YARA rules.

D. Focus on network traffic analysis using NetFlow data, as file analysis is often insufficient for advanced threats.

E. Rely solely on open-source intelligence feeds and develop custom scripts for static analysis of the malware.

A. Sub-playbook

B. Conditional

C. Script creation

D. Data collection

A. Conducting vulnerability assessment and penetration testing

B. Managing procurement of IT hardware and software

C. Managing and configuring the monitoring tools

D. Deploying and configuring security technologies

A. Infrastructure, URL, Threat Actor, Tool

B. IP Address, Web Link, Adversary, Exploit Kit

C. IPv4, URI, Threat Group, Hacking Tool

D. Network Address, Hyperlink, Attacker, Weapon

A. Threat Intelligence Feed Match (e.g., C2 IP from Unit 42) and Affected Asset Criticality (e.g., Crown Jewel Asset). This combines technical indicators with business impact for effective prioritization.

B. File Hash Reputation (WildFire) and Endpoint OS Version. File hash is good for malware, but OS version isn't a primary exfiltration indicator.

C. Source IP Geolocation and Destination Port. While useful, these alone may not capture the full context of data exfiltration.

D. Alert Volume from a specific sensor and Protocol Used. Alert volume can be misleading, and protocol alone might not signify exfiltration.

E. Time of Day and User Department. These are primarily contextual and less indicative of immediate threat severity.

A. To display the compared artifacts with known bad SHA256 hashes

B. To build custom correlation rules using XQL

C. To be an extension of the Unit 42 incident response team

D. To serve as a cloud-based sandboxing and a malware analysis engine

A. To identify the root cause of alerts and provide a complete forensic timeline of events

B. To perform regular system backups and restore operations in case of failure

C. To prioritize critical alerts and reduce the overall number of alerts generated

D. To determine only the root cause of an attack and automatically remediate threats

A. Execute the Isolate Endpoint action, which automatically reverses all known malware-related changes upon successful isolation.

B. Initiate a Live Terminal session and use operating system commands to manually copy original files from a network share and import a clean registry hive.

C. Run the Search and Destroy action on all affected endpoints to automatically replace all files with a "good" hash from the content update package.

D. Use the Remediation Suggestions action to review and apply the recommended actions for restoring the files and registry values.