SecOps-Pro Exam Question 31

A cybersecurity team is building a new threat hunting workflow They need to regularly (e.g., every hour) query a SIEM for suspicious activity, enrich the findings with data from an EDR, and if a high-fidelity alert is generated, create a new incident in XSOAR. If no high-fidelity alerts are found, a summary log should still be recorded. Which combination of XSOAR components would provide the most efficient and maintainable solution?
  • SecOps-Pro Exam Question 32

    Consider a scenario where a Palo Alto Networks NGFW detects a highly evasive, custom malware attempting to exfiltrate dat a. The malware uses DNS over HTTPS (DOH) to bypass traditional DNS filtering and establish C2 communication. The SOC'S current policy on the NGFW is to block known malicious DOH domains. What additional NGFW security profile, or combination thereof, should be enabled and tuned to detect and prevent such advanced exfiltration, assuming the SOC also employs Cortex XDR and WildFire?
  • SecOps-Pro Exam Question 33

    A Security Operations Center (SOC) analyst observes a high volume of failed login attempts from a seemingly legitimate IP address to multiple critical internal systems, indicative of a potential brute-force attack. The CISO mandates immediate automated containment. Which of the following Cortex XSIAM Playbook actions, when orchestrated, would most effectively and efficiently address this scenario while minimizing false positives and disruption?
  • SecOps-Pro Exam Question 34

    A security analyst is investigating a potential insider threat scenario in Cortex XSIAM. They suspect a user is exfiltrating data via an unsanctioned cloud storage service. The SOC receives logs from various sources, including endpoint activity, proxy servers, and firewall logs. To effectively detect this, which of the following Cortex XSIAM capabilities are crucial for ingesting and correlating the necessary data points, and why?
  • SecOps-Pro Exam Question 35

    During a malware outbreak, a Palo Alto Networks security engineer needs to quickly determine if any newly submitted files to WildFire from endpoints are exhibiting specific command-and-control (C2) beaconing patterns or attempting to exploit a recently discovered zero-day vulnerability. Which of the following Cortex XDR and WildFire features or functionalities would be most effective for this real- time monitoring and proactive threat hunting, and why?