
PCDRA Online Practice Questions and Answers

Questions 4

Phishing belongs to which of the following MITRE ATT&CK tactics?

A. Initial Access, Persistence

B. Persistence, Command and Control

C. Reconnaissance, Persistence

D. Reconnaissance, Initial Access

Questions 5

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?

A. Click the three dots on the widget and then choose "Save" and this will link the query to the Widget Library.

B. This isn't supported, you have to exit the dashboard and go into the Widget Library first to create it.

C. Click on "Save to Action Center" in the dashboard and you will be prompted to give the query a name and description.

D. Click on "Save to Widget Library" in the dashboard and you will be prompted to give the query a name and description.

Questions 6

An attacker tries to load dynamic libraries on macOS from an unsecure location. Which Cortex XDR module can prevent this attack?

A. DDL Security

B. Hot Patch Protection

C. Kernel Integrity Monitor (KIM)

D. Dylib Hijacking

Questions 7

As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?

A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.

B. Enable DLL Protection on all servers but there might be some false positives.

C. Create IOCs of the malicious files you have found to prevent their execution.

D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.

Questions 8

How does the Cortex XDR agent for Windows prevent ransomware attacks from compromising the file system?

A. by encrypting the disk first.

B. by utilizing decoy Files.

C. by retrieving the encryption key.

D. by patching vulnerable applications.

Questions 9

Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CK™ techniques.

A. Exfiltration, Command and Control, Collection

B. Exfiltration, Command and Control, Privilege Escalation

C. Exfiltration, Command and Control, Impact

D. Exfiltration, Command and Control, Lateral Movement

Questions 10

Live Terminal uses which type of protocol to communicate with the agent on the endpoint?

A. NetBIOS over TCP

B. WebSocket

C. UDP and a random port

D. TCP, over port 80

Questions 11

You can star security events in which two ways? (Choose two.)

A. Create an alert-starring configuration.

B. Create an Incident-starring configuration.

C. Manually star an alert.

D. Manually star an Incident.

Questions 12

A. Enable DLL Protection on all endpoints but there might be some false positives.

B. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.

C. No step is required because Cortex shares IOCs with our fellow Cyber Threat Alliance members.

D. No step is required because the malicious document is already stopped.

Questions 13

Which of the following best defines the Windows Registry as used by the Cortex XDR agent?

A. a hierarchical database that stores settings for the operating system and for applications

B. a system of files used by the operating system to commit memory that exceeds the available hardware resources. Also known as the "swap"

C. a central system, available via the internet, for registering officially licensed versions of software to prove ownership

D. a ledger for maintaining accurate and up-to-date information on total disk usage and disk space remaining available to the operating system

Exam Code: PCDRA
Exam Name: Palo Alto Networks Certified Detection and Remediation Analyst
Last Update: May 13, 2024
Questions: 91 Q&As
