XSIAM-Analyst Exam Question 41
Which type of alert in Cortex XSIAM is primarily based on endpoint telemetry and behavior?
Response:
XSIAM-Analyst Exam Question 42
Match the endpoint alert type with its response option:
Endpoint Alert Type
A) Known malware detected
B) Suspicious command line
C) Agent disconnected
D) Untrusted file download
Suggested Analyst Response
1. Run malware scan and isolate endpoint
2. Investigate via live terminal and collect logs
3. Validate operational status
4. Retrieve file and run indicator checks
Response:
XSIAM-Analyst Exam Question 43
Match each playbook component to its function:
Component
A) Conditional Task
B) Sub-playbook
C) Manual Task
D) Error Handling
Function
1. Executes different paths based on field values
2. Reusable sequence of steps
3. Waits for analyst input
4. Defines fallback steps if task fails
Response:
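The four components in the matching list above are easiest to see when they are composed into a running playbook. The following Python model is an example added to this page; it is not Cortex XSIAM's playbook engine or its playbook format. The task classes, the `run` loop, the malware-containment scenario and its incident field names (`verdict`, `agent_connected`, `severity`) are all constructed assumptions for illustration. It shows a conditional task branching on a field value, a sub-playbook reused as a single step, a manual task that blocks on analyst input, and error handling that runs fallback steps when a task fails.

```python
"""Toy playbook runner: conditional task, sub-playbook, manual task, error handling.
Example code for this page, not a Cortex XSIAM component."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Incident:
    fields: Dict[str, object]
    log: List[str] = field(default_factory=list)  # audit trail of executed tasks


class TaskFailed(Exception):
    """Raised by an automated action that could not complete."""


@dataclass
class Task:
    name: str
    action: Callable[[Incident], None]
    on_error: Optional[Playbook] = None  # error handling: fallback steps if this task fails


@dataclass
class ConditionalTask:
    name: str
    field_name: str                      # incident field whose value selects the path
    branches: Dict[object, Playbook]
    default: Optional[Playbook] = None


@dataclass
class ManualTask:
    name: str
    question: str
    result_field: str                    # analyst's answer is stored here


@dataclass
class SubPlaybook:
    name: str
    playbook: Playbook                   # reusable sequence of steps


@dataclass
class Playbook:
    name: str
    tasks: list


def run(playbook: Playbook, incident: Incident, analyst: Callable[[str], object]) -> Incident:
    """Execute tasks in order. `analyst` answers manual tasks (a stand-in for the UI prompt)."""
    for task in playbook.tasks:
        if isinstance(task, Task):
            try:
                task.action(incident)
                incident.log.append(f"{task.name}: ok")
            except TaskFailed as exc:
                incident.log.append(f"{task.name}: failed ({exc})")
                if task.on_error is None:
                    raise                       # no fallback defined: playbook errors out
                run(task.on_error, incident, analyst)
        elif isinstance(task, ConditionalTask):
            value = incident.fields.get(task.field_name)
            incident.log.append(f"{task.name}: {task.field_name}={value!r}")
            branch = task.branches.get(value, task.default)
            if branch is not None:
                run(branch, incident, analyst)
        elif isinstance(task, ManualTask):
            answer = analyst(task.question)     # waits for analyst input
            incident.fields[task.result_field] = answer
            incident.log.append(f"{task.name}: analyst answered {answer!r}")
        elif isinstance(task, SubPlaybook):
            incident.log.append(f"{task.name}: entering sub-playbook {task.playbook.name}")
            run(task.playbook, incident, analyst)
    return incident


# --- Constructed scenario: malware alert containment -----------------------
def set_severity(incident: Incident) -> None:
    # Assumed enrichment: a malicious verdict makes the incident high severity.
    incident.fields["severity"] = "high" if incident.fields.get("verdict") == "malicious" else "low"


def isolate_endpoint(incident: Incident) -> None:
    # Assumed failure mode: isolation cannot be applied when the agent is disconnected.
    if not incident.fields.get("agent_connected", True):
        raise TaskFailed("agent disconnected")
    incident.fields["isolated"] = True


def notify_soc(incident: Incident) -> None:
    incident.fields["soc_notified"] = True


ENRICH = Playbook("enrich", [Task("lookup_verdict", set_severity)])
CONTAIN_HIGH = Playbook("contain_high", [
    Task("isolate_endpoint", isolate_endpoint,
         on_error=Playbook("isolation_fallback", [Task("notify_soc", notify_soc)])),
])
CONTAIN_LOW = Playbook("contain_low", [
    ManualTask("ask_analyst", "Isolate this endpoint? (yes/no)", "analyst_decision"),
])
MALWARE_PLAYBOOK = Playbook("malware_response", [
    SubPlaybook("enrichment", ENRICH),
    ConditionalTask("route_by_severity", "severity",
                    {"high": CONTAIN_HIGH, "low": CONTAIN_LOW}, default=CONTAIN_LOW),
])


def handle(fields: Dict[str, object], analyst_answer: str = "no") -> Incident:
    """Run the constructed playbook on an incident; the analyst answers every prompt the same way."""
    return run(MALWARE_PLAYBOOK, Incident(dict(fields)), lambda question: analyst_answer)


if __name__ == "__main__":
    for inc in (handle({"verdict": "malicious", "agent_connected": True}),
                handle({"verdict": "malicious", "agent_connected": False}),
                handle({"verdict": "benign"}, analyst_answer="yes")):
        print(inc.fields, inc.log)
```

The second scenario is the one worth studying for the error-handling row: isolation fails because the agent is offline, the fallback playbook notifies the SOC, and the parent playbook continues instead of stalling; without `on_error` the same failure would propagate and stop the run. The unknown-severity case deliberately routes to the manual path, so an unexpected field value ends up with an analyst rather than silently doing nothing.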
XSIAM-Analyst Exam Question 44
An alert for malware propagation triggers an incident. The associated playbook isolates the endpoint and notifies the SOC team. What advantages does this approach provide?
(Choose two)
Response:
XSIAM-Analyst Exam Question 45
While analyzing a phishing campaign, you need to validate domains. What steps can assist your analysis?
(Choose two)
Response:
