I say it's A and D because of what I'm just reading off the official course in the section "Respond to Malicious Causality Chains". It goes like this:
"When the Cortex XDR agent detects a malicious activity, the Respond to Malicious Causality Chains module inspects the network connections opened by the processes involved in the attack to identify malicious IP addresses."
To me that's A and D, not A and C.
Forgot to add the second part:
"If such network connections are found, this protection module can automatically close all the network connections and block new connection requests from these IP addresses."
(Windows only) Respond to Malicious Causality Chains.
When the Cortex XDR agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files—the agent can automatically block the IP address to close all existing communication and block new connections from this IP address to the endpoint. When Cortex XDR blocks an IP address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. You can view the list of all blocked IP addresses per endpoint from the Action Center, as well as unblock them to re-enable communication as appropriate.
upvoted 3 times