Exam SecOps-Pro Topic 1 Question 79 Discussion

Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 79
Topic #: 1

A Zero-Day exploit targets a widely used application within an organization, leading to a successful initial compromise. The security team detects anomalous network traffic patterns via their Palo Alto Networks Next-Generation Firewall (NGFW) and identifies the specific compromised host. During the 'Containment' phase of the NIST Incident Response Plan, which strategic and tactical action(s) should be prioritized to limit the blast radius and gather critical threat intelligence simultaneously, considering the zero-day nature of the attack?
(Select all that apply)

A. Immediately apply a custom URL filtering profile on the NGFW to block all outbound connections from the compromised host, except to designated forensic servers. B. Utilize Cortex XDR to isolate the compromised host from the network, preventing lateral movement, while enabling enhanced logging for detailed telemetry capture. C. Deploy a temporary 'sinkhole' configuration on the NGFW for the suspected C2 domain identified from threat intelligence, redirecting malicious traffic to a controlled environment for further analysis. D. Push out a global emergency patch for the vulnerable application across all enterprise endpoints, even if the patch is still in beta. E. Notify all affected users via email about the incident and instruct them to change their passwords immediately.

Suggested Answer: A,B,C Vote an answer

The 'Containment' phase is critical for limiting the scope of an incident. For a zero-day, simultaneously limiting spread and gathering intelligence is key. - A: Custom URL filtering (or Security Policies) for the compromised host is a precise network-level containment that still allows forensic data exfiltration to controlled systems. - B: Cortex XDR isolation is crucial for endpoint containment, preventing lateral movement, and enabling enhanced logging ensures detailed telemetry for post-incident analysis and new IOC generation. - C: A sinkhole configuration is an advanced containment and intelligence-gathering technique for C2 traffic, allowing the SOC to understand the attacker's capabilities without further compromise. - D: Pushing a beta patch globally is highly risky and violates standard change management, potentially causing more disruption. - E: Notifying users immediately and instructing password changes might be part of recovery or communication but is not a primary technical containment step for the zero-day exploit itself.

by Quincy at Apr 15, 2026, 07:00 AM

Limited Time Offer

15%

Off

Get Premium SecOps-Pro Questions as Interactive Self Test Engine or PDF

Comments

Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

RECENT DISCUSSIONS

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Disclaimer:
Actual4test doesn't offer Real SANS and GIAC Exam Questions.
Oracle and Java are registered trademarks of Oracle and/or its affiliates
Actual4test material do not contain actual actual Oracle Exam Questions or material.
Actual4test doesn't offer Real Microsoft Exam Questions.
Microsoft®, Azure®, Windows®, Windows Vista®, and the Windows logo are registered trademarks of Microsoft Corporation
Actual4test Materials do not contain actual questions and answers from Cisco's Certification Exams. The brand Cisco is a registered trademark of CISCO, Inc
CFA Institute does not endorse, promote or warrant the accuracy or quality of these questions. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Actual4test does not offer exam dumps or questions from actual exams. We offer learning material and practice tests created by subject matter experts to assist and help learners prepare for those exams. All certification brands used on the website are owned by the respective brand owners. Actual4test does not own or claim any ownership on any of the brands.