List of questions
Related questions
Question 21 - PCDRA discussion
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to open a malicious Word document. You learn from the WildFire report and AutoFocus that this document is known to have been used in Phishing campaigns since 2018. What steps can you take to ensure that the same document is not opened by other users in your organization protected by the Cortex XDR agent?
A.
Enable DLL Protection on all endpoints but there might be some false positives.
B.
Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
C.
No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.
D.
No step is required because the malicious document is already stopped.
Your answer:
0 comments
Sorted by
Leave a comment first