ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCDRA
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?
When is the wss (WebSocket Secure) protocol used?
When reaching out to TAC for additional technical support related to a Security Event; what are two critical pieces of information you need to collect from the Agent? (Choose Two)
You can star security events in which two ways? (Choose two.)
Why would one threaten to encrypt a hypervisor or, potentially, a multiple number of virtual machines running on a server?
What is the maximum number of agents one Broker VM local agent applet can support?
Where would you go to add an exception to exclude a specific file hash from examination by the Malware profile for a Windows endpoint?
What is the Wildfire analysis file size limit for Windows PE files?
In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the singer?
What does the following output tell us?

Question 39 - PCDRA discussion

Report
Export

Which Type of IOC can you define in Cortex XDR?

A.
destination port
Answers
A.
destination port
B.
e-mail address
Answers
B.
e-mail address
C.
full path
Answers
C.
full path
D.
App-ID
Answers
D.
App-ID
Suggested answer: C

Explanation:

Cortex XDR allows you to define IOCs based on various criteria, such as file hashes, registry keys, IP addresses, domain names, and full paths. A full path IOC is a specific location of a file or folder on an endpoint, such as C:\Windows\System32\calc.exe.You can use full path IOCs to detect and respond to malicious files or folders that are located in known locations on your endpoints12.

Let's briefly discuss the other options to provide a comprehensive explanation:

A) destination port: This is not the correct answer. Destination port is not a type of IOC that you can define in Cortex XDR. Destination port is a network attribute that indicates the port number to which a packet is sent.Cortex XDR does not support defining IOCs based on destination ports, but you can use XQL queries to filter network events by destination ports3.

B) e-mail address: This is not the correct answer. E-mail address is not a type of IOC that you can define in Cortex XDR. E-mail address is an identifier that is used to send and receive e-mails.Cortex XDR does not support defining IOCs based on e-mail addresses, but you can use the Cortex XDR - IOC integration with Cortex XSOAR to ingest IOCs from various sources, including e-mail addresses4.

D) App-ID: This is not the correct answer. App-ID is not a type of IOC that you can define in Cortex XDR. App-ID is a feature of Palo Alto Networks firewalls that identifies and controls applications on the network.Cortex XDR does not support defining IOCs based on App-IDs, but you can use the Cortex XDR Analytics app to create custom rules that use App-IDs as part of the rule logic5.

In conclusion, full path is the type of IOC that you can define in Cortex XDR. By using full path IOCs, you can enhance your detection and response capabilities and protect your endpoints from malicious files or folders.

Create an IOC Rule

XQL Reference Guide: Network Events Schema

Cortex XDR - IOC

Cortex XDR Analytics App

PCDRA: Which Type of IOC can define in Cortex XDR?

Show Answer
asked 23/09/2024
Latonya Ganison
27 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms