Exam SecOps-Pro Topic 1 Question 1 Discussion
Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 1
Topic #: 1
Question #: 1
Topic #: 1
A Security Operations Center (SOC) analyst is investigating a suspected lateral movement incident. Cortex XDR has triggered an alert indicating suspicious PowerShell activity originating from a compromised endpoint. The analyst needs to rapidly understand the scope of compromise, specifically identifying other systems the attacker may have accessed using stolen credentials. Which key Cortex XDR elements, in combination, would be most crucial for efficiently tracing the attacker's path and identifying affected assets?
Suggested Answer: A Vote an answer
To trace lateral movement and identify affected assets, a SOC analyst needs granular insight into both endpoint activity and user behavior. Telemetry data from Cortex XDR agents (processes, network connections, file access) provides the foundational visibility into what happened on the compromised endpoint and how it communicated with other systems. User Behavioral Analytics (UBA) data, powered by Cortex XDR's analytics engine, can highlight anomalous user logons, credential usage patterns (e.g., use of service accounts for interactive logons), and access to unusual resources, which are key indicators of lateral movement using stolen credentials. Options B, C, D, and E provide valuable data but are less directly focused on the immediate task of tracing the attacker's path via credential reuse and identifying compromised systems in the context of lateral movement, especially when considering the integrated capabilities of Cortex XDR.
by Harry at May 15, 2026, 10:23 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).