Option D: Dropper is the right answer.
im2ca has labeled all types of BIOC rule, which can be found under:
Ref.:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details
D is the only correct answer.
Types of BIOC rule:
Collection
Credential Access
Dropper
Evasion
Execution
Evasive
Exfiltration
File Privilege Manipulation
File Type Obfuscation
Infiltration
Lateral Movement
Other
Persistence
Privilege Escalation
Reconnaissance
Tampering
Actually, in the current version both "Dropper" and "Discovery" are valid BIOC rule types; however, due to the time of creation of this exam, I would guess it was designed without considering the "Discovery" type as an option, so I would go for "Dropper" (D).
Bsharif (9 months, 1 week ago)
_tips (1 year, 4 months ago)
im2ca (1 year, 6 months ago)
Karreldanam (1 year, 7 months ago)
PANW (1 year, 6 months ago)
escar (1 year, 8 months ago)
danups (4 months, 2 weeks ago)
cneru1 (1 year, 7 months ago)