Which Cortex XDR capability allows for the immediate termination of a process discovered during investigation of a security event?
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
What is the requirement for enablement of endpoint and network analytics in Cortex XDR?
Which Cortex XDR license is required for a customer that requests endpoint detection and response (EDR) data collection capabilities?
On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?
What is the recommended first step in planning a Cortex XDR deployment?
What must a customer deploy prior to collecting endpoint data in Cortex XSIAM?
How can the required log ingestion license be determined when sizing a Cortex XSIAM deployment?
Within Cortex XSIAM, how does the integration of Attack Surface Management (ASM) provide a unified approach to security event management that traditional SIEMs typically lack?
Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?
How does DBot score an indicator that has multiple reputation scores?
Which statement best describes the benefits of the combination of Prisma Cloud, Cortex Xpanse, and partner services?
Which attack method is a result of techniques designed to gain access through vulnerabilities in the code of an operating system (OS) or application?
An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for exfiltrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger?
Which statement applies to the differentiation of Cortex XDR from security information and event management (SIEM)?
What is the primary purpose of Cortex XSIAM’s machine learning led design?
What is the function of reputation scoring in the Threat Intelligence Module of Cortex XSIAM?
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?
What does the Cortex XSOAR "Saved by Dbot" widget calculate?
A prospective customer is interested in Cortex XDR but is unable to run a product evaluation.
Which tool can be used instead to showcase Cortex XDR?
Which four types of Traps logs are stored within Cortex Data Lake?
Cortex XDR external data ingestion processes ingest data from which sources?
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
What are two ways Cortex XSIAM monitors for issues with data ingestion? (Choose two.)
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)
Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?
Which Cortex XSIAM license is required if an organization needs to protect a cloud Kubernetes host?
How does an "inline" auto-extract task affect playbook execution?
How does a clear understanding of a customer’s technical expertise assist in a hand off following the close of an opportunity?
What is a requirement when integrating Cortex XSIAM or Cortex XDR with other Palo Alto Networks products?
What is the difference between the intel feed’s license quotas of Cortex XSOAR Starter Edition and Cortex XSOAR (SOAR + TIM)?
What is a benefit offered by Cortex XSOAR?
When preparing for a Cortex XSOAR proof of value (POV), which task should be performed before the evaluation is requested?
Which task setting allows context output to a specific key?
Which option describes a Load-Balancing Engine Group?
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)
How can Cortex XSOAR save time when a phishing incident occurs?
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?
Which two formats are supported by Whitelist? (Choose two)
A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.
What would be the appropriate next step in the playbook?
Which option is required to prepare the VDI Golden Image?
Which two entities can be created as a BIOC? (Choose two.)
Rearrange the steps into the correct order for modifying an incident layout.
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?
Which service helps uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources?
What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?
What is the result of creating an exception from an exploit security event?
Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)