Q: 6
What is the primary purpose of the Cortex XDR “Featured fields”?
Options
Discussion
B. not A. Featured fields are there to help triage by showing the most important attributes right away.
B featured fields just make triage way faster by surfacing the right stuff up top.
B , it's all about quick triage. Featured fields show the most important details right up front so analysts don't waste time digging for key info. Not really about SOAR or automation, I think. Agree?
My pick: B. The phrase "primary purpose" makes me think it's about highlighting info for triage, not automating anything. But if there's a policy change making SOAR triggers more common, could see D in weird edge cases.
Hard to say, D, since SOAR gets involved in escalations sometimes. Could be a trap between B and D.
B imo, featured fields just bubble up the most critical details for an alert or incident so analysts can spot what's important fast. Not about automating or escalating, just making triage easier. Pretty sure that's right but open to other takes if I missed something.
B tbh, had something like this in a mock. Featured fields in Cortex XDR are for fast triage highlights.
I’d say B-featured fields are mostly for highlighting the key stuff so analysts can triage faster. That's what I've seen in similar exam reports, but not totally sure if there's a newer feature that changes that.
Honestly, B fits unless the question is referencing some new automation tie-in that's not standard. Featured fields are mainly to highlight key info for triage, not automate escalation. But if a workflow links them to SOAR actions, I could see confusion. Anyone think D has a special use case?
B featured fields help with fast triage by surfacing key info up front.
Be respectful. No spam.
