Exam PSE-Cortex topic 1 question 50 discussion

Actual exam question from Palo Alto Networks's PSE-Cortex
Question #: 50
Topic #: 1

Which two entities can be created as a behavioral indicator of compromise (BIOC)? (Choose two.)

  • A. process
  • B. data
  • C. event alert
  • D. network
Suggested Answer: AD

Comments

LAFJ
8 months ago
The following describes the event_type values for which you can create a BIOC rule.

  • FILE—Events relating to file create, write, read, and rename according to the file name and path.
  • INJECTION—Events related to process injections.
  • LOAD_IMAGE—Events relating to module IDs of processes.
  • NETWORK—Events relating to incoming and outgoing network, filed IP addresses, port, host name, and protocol.
  • PROCESS—Events relating to execution and injection of a process name, hash, path, and CMD.
  • REGISTRY—Events relating to registry write, rename and delete according to registry path.
  • STORY—Events relating to a combination of firewall and endpoint logs over the network.
  • EVENT_LOG—Events relating to Windows event logs and Linux system authentication logs.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other