Question 1

When setting up a data connector, which parser can be used to transform incoming data into searchable events that trigger detections in Next-Gen SIEM?

Options :

A : CrowdStrike Parsing Standard (CPS) compliant parser

B : Charlotte AI-generated parser

C : VMWare ESXI parser

D : Linux syslog parser

Answer: A

Question 2

An event has the following fields:Which CQL query will output the frequency of a unique set of ComputerName, UserName, CommandLine?

Options :

A : #event_simpleName = ProcessRollup2 FileName = ssh.exe CommandLine = /\s-R\s.+\s-p/ | table([ComputerName, UserName, CommandLine]) | count()

B : #event_simpleName = ProcessRollup2| FileName = ssh.exe| CommandLine = /\s-R\s.+\s-p/| table([ComputerName, UserName, CommandLine], function=count())

C : #event_simpleName = ProcessRollup2| FileName = ssh.exe| CommandLine = /\s-R\s.+\s-p/| groupBy([ComputerName, UserName, CommandLine], function=count())

D : #event_simpleName = ProcessRollup2 FileName = ssh.exe CommandLine = /\s-R\s.+\s-p/ | groupBy([ComputerName, UserName, CommandLine])

Answer: C

Question 3

Which sequence correctly describes the process for duplicating a workflow in Fusion SOAR?

Options :

A : Go to Fusion SOAR > Workflow Management > Select "All Workflows" tab > Right-click on the workflow to duplicate > Select "Clone Workflow" > Modify workflow parameters > Click "Validate" > Set workflow status > Click Apply Changes

B : Go to Fusion SOAR > Fusion SOAR > Workflows > Select the checkbox next to the workflow you want to duplicate > Click "Actions" at the top of the page > Select "Create Copy" > Edit workflow name and description > Configure trigger conditions > Click Next > Review workflow canvas > Click Finish

C : Go to Fusion SOAR > Fusion SOAR > Workflows > Click Open (three dots) menu for the workflow you want to duplicate > Click "Duplicate workflow" > Update and rename the duplicated workflow > Click Save and exit to save the updated workflow

D : Go to Fusion SOAR > Fusion SOAR > Workflows > Find the workflow to duplicate > Click the workflow name > Select "Duplicate" from Actions menu > Edit the workflow configuration > Click "Create" to generate the new workflow > Set Status to On

Answer: C

Question 4

You notice that the format of incoming logs suddenly changes from JSON format to key-value pairs during log collection. What action would you take to parse the data correctly?

Options :

A : Use a multi-source configuration with different parsers per source

B : Switch to fleet mode and monitor the logs

C : Restart the log collector in debug mode

D : Disable parsing entirely

Answer: A

Question 5

Which default role will maintain least privilege and allow for creation and management of parsers?

Options :

A : NG SIEM Analyst

B : NG SIEM Security Lead

C : NG SIEM Administrator

D : NG SIEM Analyst – Read Only

Answer: B

Higher Test Marks with Free Online CCSE-204 Exam Practice

Buying Options: