Latest Palo Alto Networks XSIAM Analyst (XSIAM-Analyst) free sample questions
Question 1
An analyst conducting a threat hunt needs to collect multiple files from various endpoints. The analyst begins the file retrieval process by using the Action Center, but upon review of the retrieved files, notices that the list is incomplete and missing files, including kernel files.
What could be the reason for this issue?
Answer: D
Question 2
An incident in Cortex XSIAM contains the following series of alerts:
10:24:17 AM - Informational Severity - XDR Analytics BIOC - Rare process execution in organization
10:24:18 AM - Low Severity - XDR BIOC - Suspicious AMSI DLL load location
10:24:20 AM - Medium Severity - XDR Agent - WildFire Malware
11:57:04 AM - High Severity - Correlation - Suspicious admin account creation
Which alert was responsible for the creation of the incident?
Answer: A
Question 3
Which query will hunt for only incoming traffic from 99.99.99.99 when all log sources have been mapped to XDM?
Answer: A
Question 4
Which event can trigger a false positive alert in Cortex analytics?
Answer: B
Question 5
Why would an analyst schedule an XQL query?
Answer: A
Question 6
Which of the following actions is most appropriate in the Playground?
Answer: A
Question 7
While working an incident, a Cortex XSIAM analyst notices that important data is not being collected from an affected machine. The missing data is the process ID (PID) of the parent process and the signature or signing certificate details.
Which determination should the analyst make after reviewing the agent settings profile?
Answer: C
Question 8
In which two locations can mapping be configured for indicators? (Choose two.)
Answer: C, D