Online Access Free XSIAM-Analyst Practice Test

Which feature terminates a process during an investigation?

• A.Response Center
• B.Restriction
• C.Live Terminal
• D.Exclusion

Which two actions can an analyst take to reduce the number of false positive alerts generated by a custom BIOC? (Choose two.)

• A.Implement a shunt in a BIOC bypass rule
• B.Implement an alert exclusion rule.
• C.Implement a BIOC rule exception
• D.Implement a global exception in the prevention profile.

Match each alert evidence type with its investigation value:
Alert Evidence
A) Timeline
B) ITDR Findings
C) Causality Chain
D) File Hash
Use in Investigation
1. Tracks sequence of events
2. Indicates identity misuse
3. Shows parent-child process lineage
4. Maps to known malware indicators
Response:

• A.A-1, B-2, C-3, D-4
• B.A-1, B-3, C-2, D-4
• C.A-1, B-2, C-4, D-3
• D.A-4, B-2, C-3, D-1

Which option allows continuous monitoring and triage of evolving threats?
Response:

• A.Asset status logs
• B.Threat intelligence API
• C.Attack Surface Threat Response Center
• D.Live terminal execution

A ransomware alert triggers a playbook. What automated responses would be suitable?
Response:

• A.Alert legal counsel
• B.Initiate file quarantine
• C.Block related hash across the environment
• D.Trigger data encryption