Question 1

What is the primary function of Cortex Xpanse in a cybersecurity ecosystem?

Options :

A : Enabling endpoint detection and response (EDR) for internal systems.

B : Providing detailed analysis of malicious files and network traffic.

C : Managing and aggregating threat intelligence feeds from multiple external sources.

D : Automatically discovering and continuously monitoring an organization-s global internet attack surface.

Answer: D

Question 2

Which statement describes a host-based intrusion prevention system (HIPS)?

Options :

A : It analyzes network traffic to detect unusual traffic flows and new malware.

B : It scans a Wi-Fi network for unauthorized access and removes unauthorized devices.

C : It is placed as a sensor to monitor all network traffic and scan for threats.

D : It is installed on an endpoint and inspects the device.

Answer: D

Question 3

Which of the following methods is most effective for detecting a command-and-control (C2) communication channel in a compromised network?

Options :

A : Using endpoint detection tools to identify unauthorized USB device connections.

B : Scanning email attachments for known malware signatures.

C : Blocking all internet access from the internal network to prevent potential C2 channels.

D : Monitoring network traffic for abnormal outbound connections to uncommon or suspicious domains.

Answer: D

Question 4

An organization is experiencing suspicious activity on multiple endpoints. The security team needs to identify the root cause and the scope of the compromise by analyzing endpoint memory, processes, and file system changes. Which IR tool is the most appropriate for this task?

Options :

A : EDR (Endpoint Detection and Response)

B : SIEM (Security Information and Event Management)

C : Sandboxing Tool

D : DLP (Data Loss Prevention)

Answer: A

Question 5

Your organization has implemented a Managed Detection and Response (MDR) service alongside an endpoint security platform. During a security audit, the team is reviewing the overlap between the MDR service and Incident Response (IR) tools to understand their roles in the cybersecurity framework. Which of the following statements best highlights the difference between MDR services and IR tools?

Options :

A : MDR services provide real-time threat hunting and response, while IR tools focus on post-incident forensic analysis and remediation.

B : MDR services only monitor alerts, while IR tools perform active threat containment.

C : IR tools are cloud-based, while MDR services are on-premises.

D : MDR services are designed for internal use by cybersecurity teams, while IR tools are outsourced to external consultants.

Answer: A

Free Cybersecurity-Practitioner Mock Exam – Practice Online Confidently

Buying Options: