In Windows and macOS, you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the signer?
A. In the Restrictions Profile, add the file name and path to the Executable Files allow list.
B. Create a new rule exception and use the signer as the characteristic.
C. Add the signer to the allow list in the malware profile.
D. Add the signer to the allow list under the action center page.
C is the right answer since in the malware profile you can add items to the allowed list based on the signer.
A is wrong, I mean you can do it but that is not what the question is asking for lol
It's worth mentioning that creating an allow list based on digital signer used to be available in the malware protection profile, but that was in older versions; in the newer versions this feature has changed and is not available in that profile anymore. There is a new feature called "Legacy Agent Exceptions" under Settings > Exceptions Configurations, and you basically have to create a rule exception based on your needs, such as the digital signer. So if the question is expecting an updated answer, then the right choice would be "B"; probably on the real exam the question is worded differently.
I'd say C is for 3.5 version and older and B is for newer versions:
"Add a Disable Prevention Rule
Cortex XDR enables you to generate granular exceptions to prevention actions defined for your endpoints. You can specify signers, command line, or processes to exclude from the prevention actions triggered by specific security modules. This may be useful when you have processes that are essential to your organization and must not be terminated. Cortex XDR still generates Alerts from the disabled rules."
Checking inside my client's platform that's what I can see and we're running 3.7 currently.
Info taken from here:
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-Disable-Prevention-Rule
The correct option to prevent the Cortex XDR Agent from blocking the execution of a file based on the digital signer may vary depending on the specific version and configuration of the Cortex XDR Agent. However, based on the given options, the most appropriate choice would be:
C. Add the signer to the allow list in the malware profile.
By adding the digital signer to the allow list in the malware profile, you are essentially telling the Cortex XDR Agent to trust files signed by that specific signer and allow their execution without being blocked.
It's worth noting that cybersecurity measures and software configurations can change over time, so it's essential to refer to the official documentation or the latest guidelines provided by the product's vendor for the most up-to-date information. Additionally, configuring security software requires careful consideration and should be performed by knowledgeable and authorized personnel to ensure the system's security.
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other