SecOps-Pro Exam Question 76

A sophisticated adversary has managed to bypass initial defenses and establish persistence on several critical domain controllers within an enterprise network. Cortex XDR has detected anomalous behavior, specifically a series of unusual PowerShell commands executed by a service account that typically performs automated tasks. The SOC team suspects the service account's credentials have been compromised. To effectively scope the breach and understand the full extent of the adversary's access, which combination of Cortex XDR's elements and investigative techniques would yield the most comprehensive intelligence on both the compromised user (service account) and the affected assets (domain controllers)?
  • SecOps-Pro Exam Question 77

    You are a lead security engineer at a large enterprise, tasked with optimizing the organization's threat intelligence pipeline for maximum effectiveness against polymorphic malware and advanced persistent threats (APTs). The current setup primarily relies on basic SIEM correlation and generic firewall rules. Your goal is to implement a solution that provides real-time, context-rich intelligence, automates detection of unknown threats, and enables proactive defense. Which of the following architectural and operational decisions would be most aligned with achieving these objectives?
  • SecOps-Pro Exam Question 78

    A Security Operations Center (SOC) analyst is investigating a critical alert in Cortex XDR related to a suspicious PowerShell script execution detected on a Windows endpoint. The alert indicates 'Exploit Attempt - Malicious Script'. Upon initial review, the analyst observes that the script attempted to establish an outbound connection to a known malicious IP address and download a secondary payload. The SOC needs to quickly contain the threat, gather forensic data, and understand the full scope of the attack. Which of the following Cortex XDR elements and actions would be most effective in addressing this incident, considering both detection and response capabilities?
  • SecOps-Pro Exam Question 79

    Consider the following XQL query snippet designed for a Cortex XSIAM custom detection rule:

    This rule aims to detect suspicious downloads via command-line interpreters. Which of the following statements accurately describes the intent, potential limitations, or further enhancements for this XQL rule in a real-world threat detection scenario within Cortex XSIAM?
  • SecOps-Pro Exam Question 80

    A SOC analyst is investigating a series of suspicious outbound connections from an internal server to an unknown IP address on port 4444. The SIEM has flagged this activity as 'High' severity. What is the most effective initial course of action for the analyst, prioritizing containment and data gathering?