What should you do to automatically convert leads into alerts after investigating a lead?
Answer : B
To automatically convert leads into alerts after investigating a lead, you should create IOC rules based on the set of attribute-value pairs collected over the affected entities during the lead hunt. IOC rules detect known threats based on indicators of compromise (IOCs) such as file hashes, IP addresses, and domain names. By creating IOC rules from the leads, you can catch future occurrences of the same threats and generate alerts for them.
Reference:
Cortex XDR 3: Handling Cortex XDR Alerts, section 3.2
Cortex XDR Documentation, section ''Create IOC Rules''
Which of the following Live Terminal options are available for Android systems?
Answer : D
Cortex XDR supports Live Terminal for Android systems, which allows you to remotely access and manage Android endpoints using a command-line interface. You can use Live Terminal to run Android commands, such as adb shell, adb logcat, adb install, and adb uninstall. You can also use Live Terminal to view and modify files, directories, and permissions on the Android endpoints. Live Terminal for Android systems does not support stopping an app or running APK scripts.
Reference:
Cortex XDR documentation portal
Initiate a Live Terminal Session
Which search method is supported by File Search and Destroy?
Answer : B
File Search and Destroy is a feature of Cortex XDR that allows you to search for and remove malicious files from endpoints. You can use this feature to find files by their hash, full path, or partial path using regex parameters. You can then select the files from the search results and destroy them by hash or by path. When you destroy a file by hash, all the file instances on the endpoint are removed. File Search and Destroy is useful for quickly responding to threats and preventing further damage.
Reference:
Search and Destroy Malicious Files
Cortex XDR Pro Administrator Guide
In the Cortex XDR console, from which two pages are you able to manually perform the agent upgrade action? (Choose two.)
Answer : A, D
To manually upgrade the Cortex XDR agents, you can use the Asset Management page or the Endpoint Administration page in the Cortex XDR console. On the Asset Management page, you can select one or more endpoints and click Actions > Upgrade Agent. On the Endpoint Administration page, you can select one or more agent versions and click Upgrade. You can also schedule automatic agent upgrades using the Agent Installations page.
Reference:
Asset Management
Endpoint Administration
Agent Installations
What motivation do ransomware attackers have for returning access to systems once their victims have paid?
Answer : C
Ransomware attackers have a motivation to return access to systems once their victims have paid because they want to maintain their reputation and credibility. If they fail to restore access to systems, they risk losing the trust of future victims who may not believe that paying the ransom will result in getting their data back. This would reduce the effectiveness and profitability of their scheme. Therefore, ransomware attackers have an incentive to honor their promises and decrypt the data after receiving the ransom.
Reference:
What is the motivation behind ransomware? | Foresite
As Ransomware Attackers' Motives Change, So Should Your Defense - Forbes