XSIAM-Analyst 試験問題を無料オンラインアクセス

While analyzing an active malware infection, what actions should an analyst take?
Response:

• A.Disconnect the firewall
• B.Isolate the endpoint
• C.Export logs to CSV
• D.Initiate live terminal session

A Cortex XSIAM analyst is reading a blog that references an unfamiliar critical zero-day vulnerability. This vulnerability has been weaponized, and there is evidence that it is being exploited by threat actors targeting a customer's industry. Where can the analyst go within Cortex XSIAM to learn more about this vulnerability and any potential impacts on the customer environment?

• A.Threat Intel Management -> Sample Analysis
• B.Threat Intel Management -> Indicators
• C.Attack Surface -> Attack Surface Rules
• D.Attack Surface -> Threat Response Center

What is the purpose of detection indicator rules?
Response:

• A.To define alert suppression criteria
• B.To correlate XDR agent policies
• C.To manage threat hunting queries
• D.To detect specific behaviors and generate alerts

A suspicious domain is repeatedly showing in alerts. What actions would escalate response?
(Choose two)
Response:

• A.Apply a block rule at perimeter
• B.Disable the alert connector
• C.Suppress the domain
• D.Create an indicator with a "malicious" verdict

An alert triggered by a correlation rule includes BIOC evidence and an IOC match. What can be inferred?
(Choose two)
Response:

• A.Correlation rules can aggregate different alert types
• B.The alert was triggered by external threat feeds only
• C.The alert contains evidence from multiple detection sources
• D.IOC-based alerts cannot be used in correlation