Q: 8
Which two activities fall under forensic investigation in Cortex XDR? (Choose two)
Options
Discussion
Option D here. Adjusting incident scores feels like part of the investigation to me, not sure why it wouldn't count.
B and A tbh. Both are classic forensic moves in XDR since you're digging into what actually changed on endpoints and looking for signs of active threats. C and D feel more like response/tuning stuff. Not totally sure, but that's how I read it.
Does the question say "best forensic activities" or just any that apply? Official guide examples would help clarify.