
Palo Alto Networks Exam PCDRA Topic 9 Question 63 Discussion

Actual exam question for Palo Alto Networks's PCDRA exam
Question #: 63
Topic #: 9

What should you do to automatically convert leads into alerts after investigating a lead?

Suggested Answer: B

To convert leads into alerts automatically after investigating a lead, create IOC rules from the set of attribute-value pairs collected over the affected entities during the lead hunt. An IOC rule carries a known indicator of compromise (a file hash, IP address, domain name, file path or file name) and is matched continuously against incoming endpoint and network data, so every later sighting of that indicator raises an alert without anyone re-running the hunt. Note that an IOC rule detects and alerts; stopping a recurrence is a separate response action taken on the alert. A search built in Query Builder or XQL, by contrast, returns results only at the time it is run and does not by itself alert on future matches.

Reference:

PCDRA Study Guide, page 25

Cortex XDR 3: Handling Cortex XDR Alerts, section 3.2

Cortex XDR Documentation, section ''Create IOC Rules''


Contribute your Thoughts:

Gladis
24 days ago
C) BIOC? Is that some kind of new cybersecurity dance move? I'll stick with good old IOCs, thanks.
upvoted 0 times
Blossom
28 days ago
I'm not sure, but I think D) Build a search query using Query Builder or XQL using a list of IOCs could also be a valid option.
upvoted 0 times
Shakira
28 days ago
Haha, A) is a classic case of closing the barn door after the horse has bolted. Can't prevent what's already happened!
upvoted 0 times
Kimberely
15 days ago
B) Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
upvoted 0 times
Rodolfo
1 month ago
I think D) is the way to go. Building a search query sounds like the logical next step after lead hunting.
upvoted 0 times
Margarett
3 days ago
B) Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
upvoted 0 times
Shawnna
17 days ago
D) Build a search query using Query Builder or XQL using a list of IOCs.
upvoted 0 times
Rodrigo
1 month ago
I agree with Krissy, creating IOC rules seems like the right approach to automatically convert leads into alerts.
upvoted 0 times
Kizzy
1 month ago
B) is the correct answer. Creating IOC rules based on the investigation findings is the way to automatically convert leads into alerts.
upvoted 0 times
Goldie
21 days ago
D) Build a search query using Query Builder or XQL using a list of IOCs.
upvoted 0 times
Bambi
26 days ago
A) Lead threats can't be prevented in the future because they already exist in the environment.
upvoted 0 times
Ocie
28 days ago
B) Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
upvoted 0 times
Krissy
1 month ago
I think the answer is B) Create IOC rules based on the set of the collected attribute-value pairs over the affected entities concluded during the lead hunting.
upvoted 0 times