Exam SecOps-Pro Topic 1 Question 38 Discussion

Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 38
Topic #: 1

A sophisticated APT group is observed using a custom, polymorphic malware variant. The only consistent indicator found across initial compromises is the use of a unique, newly registered domain (evil-command-control .xyz) for C2 communications, which is not yet widely known to public threat intelligence feeds. The security team needs to rapidly operationalize this domain indicator within their Cortex ecosystem for both prevention and detection.

A. Submit the domain to WildFire for analysis and await a verdict, then manually create a custom URL filtering profile on the NGFW for the domain. Use Cortex XDR 'Search' to look for DNS queries to the domain. B. Ingest the domain into a custom 'Threat Intelligence Feed' within Cortex XSOAR, which then automatically pushes it to an External Dynamic List (EDL) on all Next-Generation Firewalls. Concurrently, configure a new 'Analytics Rule' in Cortex XDR to alert on any network connections or DNS resolutions to evil-command- control. xyz. C. Leverage Cortex XDR's 'Indicator Management' to directly import the domain. This will automatically block traffic to the domain and trigger alerts on existing connections. D. Modify the existing 'DNS Security Policy' on the NGFW to block all queries to .xyz top-level domains, and initiate a 'Live Terminal' session on affected endpoints to search for the domain in browser history. E. Create a custom 'AutoFocus Profile' for the domain evil-command-control.xyz and then use Cortex XSOAR to create a 'War Room' for manual investigation.

Suggested Answer: B Vote an answer

Option B is the most robust and automated solution. Ingesting the domain into a custom XSOAR threat intelligence feed allows for centralized management and automated distribution to NGFW EDLs for immediate network-wide blocking. Simultaneously, creating an Analytics Rule in XDR ensures continuous detection and alerting on any attempts to connect to or resolve the domain on endpoints. This provides both proactive prevention and reactive detection. Option A is too manual and reactive. Option C is incorrect; while XDR can use indicators, direct automatic blocking across the network based solely on indicator import isn't its primary mechanism without an NGFW integration or specific policy. Option D is overly broad and would cause legitimate service disruption. Option E is an investigative step and doesn't provide automated prevention or detection.

by Lisa at Mar 30, 2026, 03:57 AM

Limited Time Offer

15%

Off

Get Premium SecOps-Pro Questions as Interactive Self Test Engine or PDF

Comments

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.