When analyzing logs for indicators, which are used only for BIOC identification?
A. observed activity
B. artifacts
C. techniques
D. error messages
What is the result of creating an exception from an exploit security event?
A. Whitelists the process from WildFire analysis
B. exempts the user from generating events for 24 hours
C. exempts administrators from generating alerts for 24 hours
D. disables the triggered EPM for the host and process involved
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)
A. Security Event
B. HIP
C. Correlation
D. Analytics
Which two formats are supported by Whitelist? (Choose two)
A. Regex
B. STIX
C. CSV
D. CIDR
How do sub-playbooks affect the Incident Context Data?
A. When set to private, task outputs do not automatically get written to the root context
B. When set to private, task outputs automatically get written to the root context
C. When set to global, allows parallel task execution.
D. When set to global, sub-playbook tasks do not have access to the root context
What is the difference between an exception and an exclusion?
A. An exception is based on rules and exclusions are based on alerts.
B. An exclusion is based on rules and exceptions are based on alerts.
C. An exception does not exist
D. An exclusion does not exist
What method does the Traps agent use to identify malware during a scheduled scan?
A. Heuristic analysis
B. Local analysis
C. Signature comparison
D. WildFire hash comparison and dynamic analysis
An EDR project was initiated by a CISO. Which resource will likely have the heaviest influence on the project?
A. desktop engineer
B. SOC manager
C. SOC analyst
D. IT operations manager
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two)
A. Response > Action Center
B. the local console
C. Telnet
D. Endpoint > Endpoint Management
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them.
How should an administrator perform this evaluation?
A. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.
B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.
C. Run a known 2015 Flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.
D. Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.