Question 1

Which default role will maintain least privilege and allow for creation and management of parsers?

Options :

A : NG SIEM Analyst

B : NG SIEM Security Lead

C : NG SIEM Administrator

D : NG SIEM Analyst – Read Only

Answer: B

Question 2

Which sequence correctly describes the process for duplicating a workflow in Fusion SOAR?

Options :

A : Go to Fusion SOAR > Workflow Management > Select "All Workflows" tab > Right-click on the workflow to duplicate > Select "Clone Workflow" > Modify workflow parameters > Click "Validate" > Set workflow status > Click Apply Changes

B : Go to Fusion SOAR > Fusion SOAR > Workflows > Select the checkbox next to the workflow you want to duplicate > Click "Actions" at the top of the page > Select "Create Copy" > Edit workflow name and description > Configure trigger conditions > Click Next > Review workflow canvas > Click Finish

C : Go to Fusion SOAR > Fusion SOAR > Workflows > Click Open (three dots) menu for the workflow you want to duplicate > Click "Duplicate workflow" > Update and rename the duplicated workflow > Click Save and exit to save the updated workflow

D : Go to Fusion SOAR > Fusion SOAR > Workflows > Find the workflow to duplicate > Click the workflow name > Select "Duplicate" from Actions menu > Edit the workflow configuration > Click "Create" to generate the new workflow > Set Status to On

Answer: C

Question 3

An event has the following fields:Which CQL query will output the frequency of a unique set of ComputerName, UserName, CommandLine?

Options :

A : #event_simpleName = ProcessRollup2 FileName = ssh.exe CommandLine = /\s-R\s.+\s-p/ | table([ComputerName, UserName, CommandLine]) | count()

B : #event_simpleName = ProcessRollup2| FileName = ssh.exe| CommandLine = /\s-R\s.+\s-p/| table([ComputerName, UserName, CommandLine], function=count())

C : #event_simpleName = ProcessRollup2| FileName = ssh.exe| CommandLine = /\s-R\s.+\s-p/| groupBy([ComputerName, UserName, CommandLine], function=count())

D : #event_simpleName = ProcessRollup2 FileName = ssh.exe CommandLine = /\s-R\s.+\s-p/ | groupBy([ComputerName, UserName, CommandLine])

Answer: C

Question 4

When setting up a data connector, which parser can be used to transform incoming data into searchable events that trigger detections in Next-Gen SIEM?

Options :

A : CrowdStrike Parsing Standard (CPS) compliant parser

B : Charlotte AI-generated parser

C : VMWare ESXI parser

D : Linux syslog parser

Answer: A

Question 5

You are creating an AI-generated parser to process and normalize log data from various sources.How would you ensure the parser accurately interprets and categorizes the log data?

Options :

A : Ensure the parser has a minimum of 100 lines

B : Create a set of log examples to match log patterns from different sources

C : Write the parser in a high-level programming language (Python or Java)

Answer: B

Free CCSE-204 Mock Exam – Practice Online Confidently

Buying Options: