Question 1

Which of the following best describes the role of Cortex XDR during an active ransomware attack on an organization’s endpoints?

Options :

A : Cortex XDR deploys endpoint firewall rules to block all external traffic during the attack.

B : Cortex XDR automatically reverts the infected system to its previous state through rollback mechanisms.

C : Cortex XDR identifies unusual encryption patterns and correlates them with network activity to halt the attack.

D : Cortex XDR relies on traditional antivirus capabilities to quarantine the ransomware file.

Answer: C

Question 2

In the context of the AAA framework, which of the following best illustrates the accounting component’s functionality?

Options :

A : Granting users access to specific network segments based on predefined policies.

B : Providing users with access tokens to securely verify their identity on the network.

C : Ensuring that user credentials are encrypted during the authentication process.

D : Keeping a detailed log of a user’s login time, duration of access, and resources utilized during their session.

Answer: D

Question 3

Which of the following best describes the primary function of Endpoint Detection and Response (EDR) in an endpoint security strategy?

Options :

A : To detect, investigate, and respond to advanced threats and suspicious activities on endpoints.

B : To block all incoming network traffic from untrusted sources at the endpoint level.

C : To automatically patch vulnerabilities in endpoint operating systems and applications.

D : To provide file encryption to prevent unauthorized data access during breaches.

Answer: A

Question 4

An organization is experiencing suspicious activity on multiple endpoints. The security team needs to identify the root cause and the scope of the compromise by analyzing endpoint memory, processes, and file system changes. Which IR tool is the most appropriate for this task?

Options :

A : EDR (Endpoint Detection and Response)

B : SIEM (Security Information and Event Management)

C : Sandboxing Tool

D : DLP (Data Loss Prevention)

Answer: A

Question 5

Which of the following methods is most effective for detecting a command-and-control (C2) communication channel in a compromised network?

Options :

A : Using endpoint detection tools to identify unauthorized USB device connections.

B : Scanning email attachments for known malware signatures.

C : Blocking all internet access from the internal network to prevent potential C2 channels.

D : Monitoring network traffic for abnormal outbound connections to uncommon or suspicious domains.

Answer: D

Free Cybersecurity-Practitioner Mock Exam – Practice Online Confidently

Buying Options: