Exam SecOps-Pro Topic 1 Question 62 Discussion

Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 62
Topic #: 1

A global financial institution uses Cortex XDR and XSOAR. They have a stringent regulatory requirement to provide a monthly report detailing all successful and unsuccessful attempts to access sensitive financial applications (identified by specific process names and network destinations) from endpoints outside of their corporate VPN, along with the geo-location of the originating IP addresses. This report must differentiate between attempts originating from managed vs. unmanaged devices. The report needs to be immutable and archived for 7 years in a tamper-proof manner. Which combination of Cortex capabilities, data enrichment, and data handling processes would satisfy these complex requirements?

A. Create custom XDR reports for access attempts based on process names and network destinations. Manually filter for VPN status and geo-location using existing fields. Export to PDF and store on a local file share for archiving. This method is highly manual, prone to errors, and lacks immutability and automation. B. Utilize XQL queries in Cortex Data Lake to identify relevant network events. Enhance queries with XDR endpoint data for managed/unmanaged status. For geo-location, use a 'lookup' table or integrate with an external geo-IP service via XSOAR. XSOAR would then automate report generation (e.g., CSV), digital signing for immutability, and upload to an S3 bucket with versioning and WORM (Write Once Read Many) policies enabled for long-term archiving. This is a comprehensive and compliant approach. C. Configure Security Orchestrator (XSOAR) playbooks to continuously pull raw security logs from various sources. Enrich logs with VPN status and geo-IP using custom scripts within XSOAR. Generate a pre-formatted HTML report directly from XSOAR and email it to the compliance team monthly. Archiving relies on email server retention. This method lacks proper immutability and dedicated long-term archiving. D. Use Cortex XDR alerts to identify suspicious access attempts. Each alert would contain relevant details. Configure the alerts to forward to an external SIEM for central logging and reporting. The SIEM would then be responsible for generating the compliance report and archiving. This adds an unnecessary SIEM dependency and potential data loss during transfer. E. Create a custom application that directly accesses the Cortex Data Lake API, pulls the required data, performs all necessary enrichments (VPN status, geo- location), generates the report, and uploads it to an immutable storage service. This offers high customization but requires significant development and maintenance effort outside the Cortex platform.

Comments

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.