Discover the key manual actions allowed on War Room entries in Cortex XDR. Learn about marking entries as notes and evidence to enhance your incident response capabilities.
Question
Which two manual actions are allowed on War Room entries? (Choose two.)
A. mark as note
B. mark as scheduled entry
C. mark as evidence
D. mark as artifact
Answer
The two correct manual actions allowed on War Room entries in Cortex XDR are:
A. mark as note
C. mark as evidence
Explanation
In Cortex XDR’s War Room, a centralized hub for incident investigation and response, analysts can perform specific manual actions on entries to organize and categorize information effectively. These actions streamline the incident response process and maintain a clear record of the investigation.
- Mark as note (A): This action allows analysts to flag certain entries as notes, which can be used to add context, observations, or additional information to the investigation. Notes are valuable for team collaboration and for providing insights that may not be directly evident from the raw data.
- Mark as evidence (C): This action enables analysts to designate specific War Room entries as evidence. This is particularly important for identifying and preserving key artifacts or information that may be critical for the investigation or potential legal proceedings.
The other options provided are not valid manual actions for War Room entries in Cortex XDR:
B. Mark as scheduled entry: This is not a standard action in the War Room. Scheduling is typically associated with other features like automated tasks or reports, but not with War Room entries.
D. Mark as artifact: While artifacts are important in cybersecurity investigations, “marking as artifact” is not a specific action in the Cortex XDR War Room. Artifacts are usually collected and analyzed through other means within the platform.
Understanding these manual actions is essential for effectively using the War Room in Cortex XDR. By properly utilizing the “mark as note” and “mark as evidence” features, security analysts can better organize their investigations, collaborate with team members, and ensure that critical information is properly highlighted and preserved throughout the incident response process.