Question 1

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

Options :

A : causality_chain

B : endpoint_name

C : threat_event

D : event_type

Answer: D

Question 2

Which license is required when deploying Cortex XDR agent on Kubernetes Clusters as a DaemonSet?

Options :

A : Cortex XDR Pro per TB

B : Host Insights

C : Cortex XDR Pro per Endpoint

D : Cortex XDR Cloud per Host

Answer: D

Question 3

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software inyour organization that is known to be benign. Which of the following options would prevent CortexXDR from blocking this software in the future, for all endpoints in your organization?

Options :

A : Create an individual alert exclusion.

B : Create a global inclusion.

C : Create an endpoint-specific exception.

D : Create a global exception.

Answer: D

Question 4

Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?

Options :

A : in the macOS Malware Protection Profile to indicate allowed signers

B : in the Linux Malware Protection Profile to indicate allowed Java libraries

C : SHA256 hashes cannot be used in Cortex XDR Malware Protection Profiles

D : in the Windows Malware Protection Profile to indicate allowed executables

Answer: D

Question 5

In the deployment of which Broker VM applet are you required to install a strong cipher SHA256-based SSL certificate?

Options :

A : Agent Proxy

B : Agent Installer and Content Caching

C : Syslog Collector

D : CSV Collector

Answer: B