Online Access Free XSIAM-Analyst Exam Questions

Match the XQL query component to its function:
XQL Component
A) dataset
B) filter
C) fields
D) limit
Function
1. Specifies the data source
2. Reduces rows based on condition
3. Selects specific columns
4. Restricts number of rows returned
Response:

• A.A-1, B-2, C-3, D-4
• B.A-4, B-2, C-3, D-1
• C.A-1, B-3, C-2, D-4
• D.A-1, B-4, C-3, D-2

An analyst is investigating suspicious lateral movement. Which two types of forensic evidence are most helpful?
Response:

• A.Remote login event logs
• B.Browser cache
• C.PowerShell command history
• D.Font configuration files

Which of the following is NOT a task type in Cortex XSIAM playbooks?
Response:

• A.Manual task
• B.Reinforcement task
• C.Automation script
• D.Conditional task

Which two actions can an analyst take to reduce the number of false positive alerts generated by a custom BIOC? (Choose two.)

• A.Implement an alert exclusion rule.
• B.Implement a shunt in a BIOC bypass rule
• C.Implement a global exception in the prevention profile.
• D.Implement a BIOC rule exception

Matching - Threat Intelligence Action to Outcome
Action
A) Import indicator list
B) Set verdict to malicious
C) Build detection rule
D) Create indicator relationship
Outcome
1. Adds IOCs for detection/prevention
2. Enables blocking and alert generation
3. Triggers alert on indicator match
4. Visualizes contextual links
Response:

• A.A-1, B-2, C-3, D-4
• B.A-1, B-2, C-3, D-4
• C.A-1, B-2, C-3, D-4
• D.A-1, B-2, C-3, D-4