Exam SecOps-Pro Topic 1 Question 71 Discussion

Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 71
Topic #: 1
A Security Operations Center (SOC) using Cortex XDR observes a high-severity alert indicating a potential ransomware attack. The alert details include a specific file hash (SHA256: e3bOc44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) associated with a suspicious process. Which of the following Cortex XDR and Cortex XSOAR capabilities would be most effective in leveraging this file indicator for rapid investigation and containment?

Suggested Answer: A Vote an answer

Option A is the most effective. Cortex XDR integrates with AutoFocus, Palo Alto Networks' threat intelligence service, which can provide immediate context and reputation for file hashes. If the hash is known malicious, WildFire (Palo Alto Networks' cloud-delivered malware analysis service) can be used to generate a signature and prevent execution, effectively blocking it across the network. This demonstrates the seamless integration of file indicators for rapid threat intelligence lookup and prevention. Option B is a reactive measure, and deleting a file without full context can be risky. Option C is incorrect; you would want to block, not exclude, a malicious file. Option D is a procedural step but doesn't directly leverage the file indicator for technical containment. Option E relies on external, potentially slower public services.

by Patrick at Apr 27, 2026, 08:53 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10