SecOps Fundamentals

Question 1

What Is Cortex?

Answer 1

Cortex is an artificial-intelligence-based, continuous security platform. Cortex allows organizations to create, deliver, and consume innovative new security products from any provider without additional complexity or infrastructure.

Question 2

The goal of any security team

Answer 2

is to defend an organization’s infrastructure and data from damage, unauthorized access, and misuse.

Question 3

Cortex XSOAR

Answer 3

allows security teams to ingest alerts across multiple sources and then execute automatable playbooks for accelerated incident response.

Question 4

Cortex XSIAM

Answer 4

is an artificial intelligence (AI)-powered security operations platform that revolutionizes the way data, analytics, and automation get deployed to outpace modern threats.

Question 5

Behavioral Threat Protection LIfecycle

Answer 5

1. Endpoint Attacks Generate Multiple Events
2. Cortex XDR Executes Policy-Based Action
3. Cortex XDR prevents Script-based, file-less attacks
4. Cortex XDR Blocks Ransomeware

Question 6

How does the Cortex XDR agent block zero day attacks/

Answer 6

By blocking the exploitation techniques that attackers use to manipulate applications.

Question 7

Actions available when remediation on the endpoint is needed following an alert or investigation.

Answer 7

Isolate Endpoint

Terminate Process

Block Additional Executions

Quarantine Malicoius Files

Retrieve Files

Access Endpoints with Live Terminal

Orchestrate Reponse

Question 8

3 Areas of Focus with XSOAR

Answer 8

Workflow Automation

Ticketing

Collaboration

Question 9

Goals of Cortex XSOAR

Answer 9

Accelerated Responses

Collaboration and Learning

Standardized Process

Reduced Risk

Question 10

TIM

Answer 10

Threat Intelligence Management

Question 11

XSIAM

Answer 11

Extended Security Intelligence and Automation Management

Part EDR, SOAR, as well as Attack Surface Management (ASM)

Question 12

What technology is set to replace SIEM?

Answer 12

XSIAM

Extended Security Intelligence and Automation Managment

Question 13

What four technologies make up Cortex XSIAM?

Answer 13

SOAR
EDR
ASM
SIEM

Question 14

SOAR

Answer 14

SOAR is a technology designed to centralize and automate routine tasks as well as enrich the work of security analysts by performing mundane tasks as soon as the alert is handled.

Question 15

ASM

Answer 15

technology is designed to utilize the attacker’s perspective in the discovery, management, identification, and monitoring of an organization’s internet-facing perimeter.

Question 16

SIEM

Answer 16

is a technology that has been integrated into security operations for nearly two decades. SIEMs ingest and store logs, normalize them, run rules against the normalized logs, and create alerts based upon preconfigured logic.

Question 17

Which Cortex technology combines multiple methods of prevention at critical phases within the attack lifecycle to halt the execution of malicious programs and stop the exploitation of legitimate applications, regardless of operating system?

Answer 17

XDR

Question 18

What is the purpose of using decoy files in the Cortex XDR agent’s behavior-based ransomware protection module?

Answer 18

To attract ransomware and analyze its behavior

Question 19

Which three areas of focus can Cortex XSOAR help SecOps teams combat security challenges? (Choose three.)

Answer 19

Workflow Automation

Ticketing

Collaboration

Question 20

Which security technology is known for storing, ingesting and normalizing logs and running rules against them?

Answer 20

SIEM