Q: 11
Which two outcomes can result from custom prioritization configuration? (Choose two)
Options
Discussion
I saw something similar in a recent practice, went with C and D.
Seen this before, it's definitely A and B. Custom prioritization is about tweaking alert severity and focusing on the most important assets, not auto-removing false positives or spinning up new playbooks. Pretty sure that's how XDR works.
A and B here, not C. Custom prioritization tweaks severity and asset focus, but it doesn't automatically eliminate false positives. Saw this in a practice test, but happy to be challenged if someone has seen C work differently.
C or D for me, since custom prioritization might allow you to get rid of noisy alerts or set up new workflows. Not positive, but both seem close to what config changes could do here.
A/B imo. Prioritization configs let you bump severity for certain alert types and make sure assets that matter most get flagged higher. Seen this in some practice tests and the official docs mention both these outcomes. Not 100% but seems pretty standard for XDR. If anyone knows from labs, let us know.
A/B? Not totally sure but both sound like what custom prioritization is meant for.
A and B. Clear question, saw similar on practice tests.