XSIAM-Analyst Exam Question 36
An incident context tab shows:
- User = jsmith@corp
- Affected endpoints = 2
- Alerts = file modification, process injection
What can be concluded?
Response:
XSIAM-Analyst Exam Question 37
Match the endpoint alert type with its response option:
Endpoint Alert Type
A) Known malware detected
B) Suspicious command line
C) Agent disconnected
D) Untrusted file download
Suggested Analyst Response
1. Run malware scan and isolate endpoint
2. Investigate via live terminal and collect logs
3. Validate operational status
4. Retrieve file and run indicator checks
Response:
XSIAM-Analyst Exam Question 38
In the Identity Threat Detection and Response (ITDR) module, what does "compromised identity" typically indicate?
Response:
XSIAM-Analyst Exam Question 39
Match each prioritization mechanism with its function:
Mechanism
A) Incident Scoring
B) Alert Starring
C) Featured Fields
D) Incident Domains
Function
1. Assigns dynamic priority to incidents
2. Manually flags alerts for importance
3. Provides context for faster investigation
4. Groups alerts by threat or identity dimension
Response:
XSIAM-Analyst Exam Question 40
What is the core purpose of attack surface rules?
Response:
