Question 1

What information is provided in the timeline view of Cortex XSIAM?

Options :

A : Detailed overview of behavior or activity that triggered an Analytics Alert, Analytics BIOC alert or correlation rule

B : Graphic representation of an event Causality Instance (CI) with additional capabilities to enable further analysis

C : Tab within an incident where analysts can collaborate and initiate further actions and automations

D : Sequence of events, alerts, rules and other actions involved over the lifespan of an incident

Answer: D

Question 2

An incident in Cortex XSIAM contains the following series of alerts:10:24:17 AM - Informational Severity - XDR Analytics BIOC - Rare process execution in organization10:24:18 AM - Low Severity - XDR BIOC - Suspicious AMSI DLL load location10:24:20 AM - Medium Severity - XDR Agent - WildFire Malware11:57:04 AM - High Severity - Correlation - Suspicious admin account creationWhich alert was responsible for the creation of the incident?

Options :

A : Suspicious AMSI DLL load location

B : Rare process execution in organization

C : Suspicious admin account creation

D : WildFire Malware

Answer: B

Question 3

Which type of analytics will trigger the alert on the image shown?

Options :

A : Contextual

B : Baseline

C : Behavioral

D : Anomaly

Answer: D

Question 4

Which pane in the User Risk View will identify the country from which a user regularly logs in, based on the past few weeks of data?

Options :

A : Login Attempts

B : Common Locations

C : Actual Activity

D : Latest Authentication Attempts

Answer: B

Question 5

Which configuration will ensure any alert involving a specific critical asset will always receive a score of 100?

Options :

A : An asset as critical in Asset Inventory

B : SmartScore to apply the specific score to the critical asset

C : A user scoring rule for the critical asset

D : A risk scoring policy for the critical asset

Answer: D