Q: 8
Which two activities fall under forensic investigation in Cortex XDR? (Choose two)
Options
Discussion
A/B. I saw an almost identical question in my exam, and those two match the typical forensic investigation tasks every time.
C/D? I'm leaning toward D and C, but maybe I'm overthinking it. Configuring new firewall rules (C) feels like something you'd do as part of a containment step after you find something suspicious, so I could see someone picking it for investigation indirectly. Adjusting incident scores (D) also seems like something you'd do while analyzing an event's details, even though it's not classic forensic work. I don't think it's A or B since those seem too technical for this context, but I'm not sure. Anyone else read it this way?
I don’t think it’s A. C and D fit better for this one.
It's C/D.
I’m wondering, if the question used the term “remediation” instead of “forensic investigation”, would C or D make sense? Feels like changing firewall rules or incident scores is more remediation than forensics. What do others think?
Probably A and B; C is more about response/config, not forensics. I've seen this style on past practice sets.
I don’t think it’s C, A and B fit better. Forensics means actually inspecting artifacts like memory dumps or registry changes for traces of attacks, not just changing configs. I’m pretty sure XDR’s investigation tools focus on those areas.
A and B make sense here. Forensics is about digging into artifacts like memory dumps or registry changes to spot malicious activity, not tweaking firewall rules or incident scores. Pretty sure that's the focus in Cortex XDR but open if I missed something.
Tricky wording! Forensic investigation usually means evidence analysis, so A and B make sense. If the question asked about containment or response, then maybe C or D could be considered, but that's not the case here. Pretty sure it's A/B unless Palo Alto changes their definition of forensic in documentation. Disagree?
C or D? But actually, forensics is about digging into the technical evidence, not changing protections or scores. A and B better fit classic analysis steps like looking at memory dumps and registry tweaks that malware might pull. Pretty sure that's what Cortex XDR lets you do in investigations. Agree?