Q: 16
Which Cortex XDR feature enables automated responses to certain threats?
Options
Discussion
It’s A, Playbooks integrated with XSOAR. XSOAR playbooks are the only option here that triggers actual automated response actions in Cortex XDR. The others are manual steps or config tweaks, not automation. D (exclusion rules) looks tempting but doesn’t handle responses to threats dynamically. Seen this on other practice tests too.
A tbh, since only playbooks with XSOAR let you automate real security responses like isolating hosts or blocking indicators. The rest (B, C, D) are more for tuning or manual actions. Not 100 percent sure if the exam ever tries to twist this, but all docs point at A.
A is the one that does actual automation since playbooks in XSOAR trigger real response actions. The other choices are either manual or just change settings, not automated. Pretty sure about this, but open if anyone has seen something different on the exam.
A
D
A imo, since playbooks with XSOAR are what automate responses in Cortex XDR. Other options are manual or config changes only. Clear and to the point question.