Palo Alto Networks Security Operations Professional v1.0

Page:    1 / 4   
Exam contains 60 questions

Which two statements apply to creating scripts in Cortex XSOAR? (Choose two.)

  • A. They can be protected using a password.
  • B. They can be scheduled to run at a later time and day.
  • C. They can be written using Java.
  • D. They can be executed with higher permissions.


Answer : BD

Which two roles can access data model rules in Cortex XSIAM? (Choose two.)

  • A. Account admin
  • B. Deployment admin
  • C. Instance administrator
  • D. IT administrator


Answer : AC

Which two types of tasks are supported in Cortex XSIAM playbooks? (Choose two.)

  • A. Sub-playbook
  • B. Script creation
  • C. Conditional
  • D. Data collection


Answer : AC

Which scripting language would create a custom widget in Cortex XDR that shows the top five accounts with failed Windows logons in the past 24 hours?

  • A. XQL
  • B. JavaScript
  • C. Python
  • D. PowerShell


Answer : B

Which solution will minimize mean time to resolution (MTTR) when, as a result of previous malware infection, a company’s Windows endpoint is suffering a small amount of file corruption and modified registry keys?

  • A. Issue a new laptop from the help desk to expedite a clean system.
  • B. Use Live Terminal to connect to the machine and upload files to replace the corrupted files.
  • C. Use group policy objects to push new files and registry key changes to the endpoint.
  • D. Use remediation suggestions to restore the affected files and registry modifications.


Answer : D

With a Windows endpoint, what is required to remove the Cortex XDR agent when the endpoint is no longer online and cannot be managed directly from the management console?

  • A. A Cortex XDR administrator must provide the end user with an offline removal tool created in the management console.
  • B. When running the uninstaller, the administrator must enter an uninstall password from the management console.
  • C. An administrator must use Cytool to disable security protection on the endpoint with an uninstall password.
  • D. An administrator must disable the agent by opening the agent console from the system tray and entering a password.


Answer : C

Which sensor is used by Cortex XSIAM to identify and collect DNS queries, HTTP header, and DHCP information?

  • A. Windows Event Collector logs
  • B. Directory Sync logs
  • C. Pathfinder data collector
  • D. Enhanced application logs


Answer : C

What are two outcomes of threat intelligence in a SOC? (Choose two.)

  • A. Mitigation of potential risks to systems and data
  • B. Enablement of security operations teams to reduce workload through automation
  • C. Reduction of the number of alerts observed in an incident
  • D. Identification and detection of known threat verdicts to improve company security posture


Answer : AD

Which MITRE enterprise tactic will provide more information on the technique used by a threat actor who has successfully used PsExec to upload files to an internal server from a compromised workstation?

  • A. Privilege escalation
  • B. Lateral movement
  • C. Execution
  • D. Persistence


Answer : B

What is the main difference between artificial intelligence (AI) and machine learning (ML) in cybersecurity?

  • A. ML enables machines to learn from data, while AI enables machines to mimic human cognitive functions.
  • B. AI and ML are interchangeable terms that refer to preprogrammed rules which can detect threats.
  • C. ML is a broader discipline that includes AI, which focuses solely on natural language processing.
  • D. AI is used for automating responses, while ML manages hardware and network infrastructure.


Answer : A

What is the WildFire verdict on a sample that does not pose a direct security threat, but is shown to display obtrusive behavior?

  • A. Grayware
  • B. Unknown
  • C. Benign
  • D. Malware


Answer : A

What is the Cortex XSOAR Marketplace?

  • A. Searchable collection of third-party playbooks and data models
  • B. Development environment for creating and sharing third-party integrations
  • C. Digital storefront where Cortex XSOAR training credits can be purchased and used
  • D. Built-in repository of installable content, including integrations and automations


Answer : D

Which two functions are allowed when stitching logs in Cortex XDR? (Choose two.)

  • A. Providing real-time threat prevention or remediation of threats
  • B. Creating granular BIOC and correlation rules
  • C. Enabling creation of custom scripts for remediation of security incidents
  • D. Running investigation queries based on combined network and endpoint events


Answer : BD

Which two statements are relevant to reports in Cortex XDR? (Choose two.)

  • A. They can be sent in a password protected PDF version.
  • B. They can be automatically pushed to the corporate intranet.
  • C. They can use mock data for visualization.
  • D. They can have an attached screenshot of an XQL query widget.


Answer : AD

What is enabled by Role Based Access Control (RBAC) in Cortex XDR?

  • A. Management of permissions and assignment of administrator access rights.
  • B. Ability to manage Cortex XDR features based on job function.
  • C. Automated response to detected threats based on user roles.
  • D. Granular control and visibility over network traffic policies based on user roles.


Answer : B
