Security Operations Fundamentals

Question 1

Components of SOAR

Answer 1

Orchestration
Automation
Reponse

Question 2

SOAR

Answer 2

SOAR tools ingest aggregated alerts from detection sources (such as SIEMs, network security tools, and mailboxes) before executing automatable, process-driven playbooks to enrich and respond to these alerts.

Question 3

SIEM

Answer 3

SIEM’s collect disparate pieces of data and aggregate them into alerts.

Question 4

What tool or technology can the security operations team use to ingest aggregated alerts and execute an automated process-driven playbook?

Answer 4

SOAR

Question 5

What is the name of Palo’s XDR solution?

Answer 5

Cortex XDR

Question 6

Exploits

Answer 6

Exploits are the results of techniques used against a system that is designed to gain access through vulnerabilities in the code of an operating system or application.

Question 7

Malware

Answer 7

Malware is a file or code that infects, explores, steals, or conducts virtually any behavior an attacker wants.

Question 8

Ransomware

Answer 8

Ransomware is a form of malware that holds valuable files, data, or information for ransom, often by encrypting data, with the attacker holding the decryption key.

Question 9

Palo’s native threat intelligence is powered by what?

Answer 9

Unit 42

Question 10

What Is Native Threat Intelligence?

Answer 10

Native threat intelligence, powered by Unit 42, provides intel from multiple Palo Alto Networks services. Using native threat intelligence, you can investigate indicators and their behaviors and use that knowledge to better safeguard your network from malicious activity.

Question 11

Native Threat Intelligence provides data from?

Answer 11

WF - Wildfire

UF - URL Filtering database

Internal Unit 42 team

Third party feeds

Question 12

WF

Answer 12

Wildfire - cloud based malware sandbox

Question 13

UF

Answer 13

PAN URL Filtering database

Question 14

Threat Intel Interface Tabs

Answer 14

XSOAR Indicators

Sample Analysis

Sessions and Submissions

Threat Intel Reports

Question 15

XSOAR Indicators

Answer 15

You can now perform lookups in Unit 42 Intel for IP addresses, URLs, domains, and SHA-256 hashes.

Question 16

Sample Analysis

Answer 16

Unit 42 Intel provides a full report of activities, properties, and behaviors associated with file samples, enabling you to find links between attacks and analyze threat patterns.

Question 17

Sessions and Submissions

Answer 17

You can now use sessions and submissions data from Palo Alto Networks firewalls, WildFire, Cortex XDR, Prisma SaaS, and Prisma Access for investigation and analysis.

Question 18

Threat Intel Reports

Answer 18

You can now publish a report and access threat intel reports written by other analysts.

Question 19

Benefits of Native Threat Intelligence

Answer 19

1 - Act with Confidence

2 - Inform Next Steps in Response

3 - Identify and Monitor new threats

Question 20

What are three data sources security operations teams can use to investigate indicators and their behaviors? (Choose three.)

Answer 20

Unit 42

URL Filtering Database

Wildfire

Question 21

Which Threat Intel interface tab allows you to perform lookups in Unit 42 Intel IP addresses, URLs, domains, and SHA-256 hashes?

Answer 21

XSOAR Indicators

Question 22

Elements of Security Operations

Answer 22

details the building blocks of simpler, more effective security operations, drawing from our experts’ real-world experiences to help you build capabilities that deserve your confidence. You’ll learn how you can: