Question 1

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

Options :

A : causality_chain

B : endpoint_name

C : threat_event

D : event_type

Answer: D

Question 2

The Cortex XDR console has triggered an incident, blocking a vitally important piece of software inyour organization that is known to be benign. Which of the following options would prevent CortexXDR from blocking this software in the future, for all endpoints in your organization?

Options :

A : Create an individual alert exclusion.

B : Create a global inclusion.

C : Create an endpoint-specific exception.

D : Create a global exception.

Answer: D

Question 3

Which of the following represents a common sequence of cyber-attack tactics?

Options :

A : Actions on the objective Â» Reconnaissance Â» Weaponization & Delivery Â» Exploitation Â»Installation Â» Command & Control

B : Installation >> Reconnaissance Â» Weaponization & Delivery Â» Exploitation Â» Command & Control Â»Actions on the objective

C : Reconnaissance Â» Weaponization & Delivery Â» Exploitation Â» Installation Â» Command & Control Â»Actions on the objective

D : Reconnaissance >> Installation Â» Weaponization & Delivery Â» Exploitation Â» Command & Control Â»Actions on the objective

Answer: C

Question 4

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?

Options :

A : Hash Verdict Determination

B : Behavioral Threat Protection

C : Restriction Policy

D : Child Process Protection

Answer: A

Question 5

Which license is required when deploying Cortex XDR agent on Kubernetes Clusters as a DaemonSet?

Options :

A : Cortex XDR Pro per TB

B : Host Insights

C : Cortex XDR Pro per Endpoint

D : Cortex XDR Cloud per Host

Answer: D