In addition to using valid authentication credentials, what is required to enable the setup of the Database Collector applet on the Broker VM to ingest database activity?
A. Access to the database transaction log
B. Valid SQL query targeting the desired data
C. Access to the database audit log
D. Database schema exported in the correct format
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 2:
Which configuration profile option with an available built-in template can be applied to both Windows and Linux systems by using XDR Collector?
A. XDR Collector settings
B. Winlogbeat
C. Filebeat
D. HTTP Collector template
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 3:
Which XQL query can be saved as a behavioral indicator of compromise (BIOC) rule, then converted to a custom prevention rule?
A. dataset = xdr_data| filter event_type = ENUM.PROCESS and action_process_image_name =
"**"and action_process_image_command_line = "-e cmd*"and action_process_image_command_line != "*cmd.exe -a /c*"
B. dataset = xdr_data| filter event_type = ENUM.PROCESS and event_type = ENUM.DEVICE and action_process_image_name = "**"and action_process_image_command_line = "-e cmd*"and action_process_image_command_line != "*cmd.exe -a /c*"
C. dataset = xdr_data| filter event_type = ENUM.DEVICE and action_process_image_name =
"**"and action_process_image_command_line = "-e cmd*"and
action_process_image_command_line != "*cmd.exe -a /c*"
D. dataset = xdr_data| filter event_type = FILE and (event_sub_type = FILE_CREATE_NEW or event_sub_type = FILE_WRITE or event_sub_type = FILE_REMOVE or event_sub_type = FILE_RENAME) and agent_hostname = "hostname"| filter lowercase(action_file_path) in ("/etc/*",
"/usr/local/share/*", "/usr/share/*") and action_file_extension in ("conf", "txt")| fields action_file_name, action_file_path, action_file_type, agent_ip_addresses, agent_hostname, action_file_path
正解:A
解説: (Pass4Test メンバーにのみ表示されます)
質問 4:
An attacker injects malicious code into a legitimate process to evade traditional signature-based detection mechanisms. Which Cortex XDR capability addresses this technique?
A. Endpoint Naming Policies
B. Behavioral Threat Protection
C. Device Discovery Services
D. Asset Grouping Rules
正解:B
解説: (Pass4Test メンバーにのみ表示されます)
質問 5:
Log events from a previously deployed Windows XDR Collector agent are no longer being observed in the console after an OS upgrade. Which aspect of the log events is the probable cause of this behavior?
A. They are in Winlogbeat format
B. They are less than 1MB
C. They are greater than 5MB
D. They are in Filebeat format
正解:C
解説: (Pass4Test メンバーにのみ表示されます)
質問 6:
What will enable a custom prevention rule to block specific behavior?
A. A correlation rule added to a Malware profile
B. A custom behavioral indicator of compromise (BIOC) added to a Restriction profile
C. A correlation rule added to an Agent Blocking profile
D. A custom behavioral indicator of compromise (BIOC) added to an Exploit profile
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
質問 7:
A threat hunter needs to correlate DNS queries, process executions, and network connections across historical telemetry using advanced search logic. Which feature should be used?
A. Asset Inventory
B. Incident Dashboard
C. Host Firewall Profiles
D. XQL Search
正解:D
解説: (Pass4Test メンバーにのみ表示されます)
1290 お客様のコメント





春野** -
本日試験を終えて無事合格しました。このXDR-Engineer問題集で充分、模擬試験をやってれば楽勝だと思います。
サポートしてくれてありがとうございました。