Q: 4
What does “starring” an alert signify in the Cortex XDR console?
Options
Discussion
Option B was in my exam last year. Starring just flags it as important for the analyst, doesn't trigger any updates or actions on the alert itself. Let me know if someone got a different result.
Option B. Saw a similar question in some exam reports, starring just makes the alert stand out as important.
B for sure. Starring is just a way to visually mark an alert as important so analysts remember to look at it later. It doesn't auto-resolve, recalc severity, or merge anything. Unless they've added some new automation, I'm pretty confident it's still just a flag for importance. Correct me if I'm missing something.
What if the alert was starred by automation and not manually? Would that flip it from B?
B, no backend automation. Just marks it important for triage, pretty sure.
Guessing D for this one. I thought starring an alert could trigger a severity recalculation in some setups, not 100% sure here.
Yeah, it's B. Starring just signals it's important, doesn't do anything else automatically.
Kinda nitpicky but if you had a playbook that auto-stars certain alerts, doesn't it still just mean it's marked important for the analyst? So B is right as long as starring doesn't trigger other automations tied to the alert itself. Pretty sure that's the current behavior but open to correction.
Not C, that's a common mix-up. It's B, starring just marks the alert as important for follow-up, that's it.
Yeah, starring is just a way for the analyst to highlight an alert as important, nothing else changes in the backend. So B makes sense here. No impact on severity or status, unless someone manually acts later. If I'm missing something about automation, let me know, but pretty sure it's B.