During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.
During the service instance provisioning, which three DNS host names are created? (Choose three.)
A. cc-xnet50.traps.paloaltonetworks.com
B. hc-xnet50.traps.paloaltonetworks.com
C. cc-xnet.traps.paloaltonetworks.com
D. cc.xnet50traps.paloaltonetworks.com
E. xnettraps.paloaltonetworks.com
F. ch-xnet.traps.paloaltonetworks.com
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
A. the relevant shell
B. The causality group owner
C. the adversary's remote process
D. the chain's alert initiator
What is the difference between an exception and an exclusion?
A. An exception is based on rules and exclusions are on alerts
B. An exclusion is based on rules and exceptions are based on alerts.
C. An exception does not exist
D. An exclusion does not exist
How can you view all the relevant incidents for an indicator?
A. Linked Incidents column in Indicator Screen
B. Linked Indicators column in Incident Screen
C. Related Indicators column in Incident Screen
D. Related Incidents column in Indicator Screen
Which four types of Traps logs are stored within Cortex Data Lake?
A. Threat, Config, System, Data
B. Threat, Config, System, Analytic
C. Threat, Monitor, System, Analytic
D. Threat, Config, Authentication, Analytic
What method does the Traps agent use to identify malware during a scheduled scan?
A. Heuristic analysis
B. Local analysis
C. Signature comparison
D. WildFire hash comparison and dynamic analysis
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
A. IP
B. endpoint hostname
C. domain
D. registry entry
Which two filter operators are available in Cortex XDR? (Choose two.)
A. < >
B. Contains
C. =
D. Is Contained By
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
A. add paloaltonetworks.com to the SSL Decryption Exclusion list
B. enable SSL decryption
C. disable SSL decryption
D. reinstall the root CA certificate
What are two manual actions allowed on War Room entries? (Choose two.)
A. Mark as artifact
B. Mark as scheduled entry
C. Mark as note
D. Mark as evidence