Enhancing Cisco Security Solutions with Data Analytics | ECSS
Cisco XDR, Splunk SEIM, Splunk SOAR
Which statement is correct regarding XDR?
XDR correlates but does not contextualize the ingested data from the sources.
XDR can reduce false positives and deliver prioritized incidents based on
potential risk and impact.
XDR displays only current attacks, without the history of past attacks and
patterns
XDR can directly execute SOAR playbooks for TDIR.
Which two security actions can you perform using SIEM? (Choose two.)
Display wireless users with failed login attempts for the last 6 hours from your branch
offices.
Execute a playbook to contain an endpoint with malicious software.
Query all endpoints in your environment to perform advanced threat hunting.
Detect spikes of traffic that are the result of a DDoS attack against your
company's website.
Block an attachment with malicious software in an email.
Which two options are key functions of SOAR? (Choose two.)
Gather and store events and logs from various sources.
Provide comprehensive endpoint protection.
Automate repetitive and time-consuming tasks.
Orchestrate workflows to coordinate various security solutions.
Microsegment the network to enhance security and optimize performance.
You work as analyst in a SOC that uses integrated SIEM, SOAR, and XDR for security
operations. Which statement is correct?
SOAR can receive alerts from both SIEM and XDR.
SOAR can receive alerts from SIEM only.
SOAR can receive alerts from XDR only.
SOAR cannot receive alerts from the SIEM or XDR.
What does the "X" in XDR stand for?
an extended automated response to threats
an extended manual response to threats
an extended orchestration capability of various security solutions
an extended reach that covers all relevant control points including endpoints and
networks
You are explaining the evolution of key SOC solutions to a younger colleague, which
emerged in different periods to address specific challenges in the cybersecurity
landscape. Which solution appeared the latest?
EDR
XDR
SIEM
SOAR
NDR
This study source was downloaded by 100000820853758 from CourseHero.com on 12-17-2025 07:57:58 GMT -06:00
https://www.coursehero.com/file/251712786/Cisco-U-CEUs-ECSS-with-Data-Analytics-02-09192025docx/
, You work as a SOC analyst and you want to employ SOAR for phishing investigation and
response in your organization after a user reported this type of attack. What is the most
effective action you can take?
Use a predefined playbook to triage, investigate, and respond to phishing email threats.
Create your own playbook to triage, investigate, and respond to phishing email
threats.
Manually inspect alerts and initiate actions, since automated action cannot be
effective for this type of attack.
Send the alerts to the SIEM, where you can perform more effective actions.
What are the behaviors and methods employed by adversaries during a cyberattack
described as in the MITRE ATT&CK framework?
User Behavior Analytics (UBA)
User and Entity Behavior Analytics (UEBA)
Tools, Technologies, and Procedures (TTPs)
Tactics, Techniques, and Procedures (TTPs)
You work as a SOC analyst and you plan to refine your playbooks in Splunk SOAR based
on the post-incident analysis to improve the coverage, response times, and overall
effectiveness of your automation actions. You are not familiar with Python scripting, so
how can you easily accomplish this task?
Use Visual Basic to edit and refine the playbooks.
Use Visual Studio Code (VS Code) to edit and refine the playbooks.
Use the Visual Playbook editor to edit and refine the playbooks.
Use Notepad++ to edit and refine the playbooks.
You are planning to integrate Splunk SOAR with your Splunk Enterprise platform so you
can import data from Splunk SOAR and send data from your Splunk Enterprise instance
to Splunk SOAR. Which two apps do you need to install and on which solution? (Choose
two.)
Splunk App for SOAR Export on Splunk SOAR
Splunk App for Splunk Enterprise on Splunk SOAR
Splunk App for SOAR on Splunk Enterprise
Splunk App for SOAR Import on Splunk Enterprise
Splunk App for SOAR Export on Splunk Enterprise
You are working as a SOC manager and explaining the incident management process in
Cisco XDR to a new colleague, who is a SOC analyst. While showing the Cisco XDR
incidents page, you emphasize that new incidents are assigned a priority score and
automatically enriched. How is the incident Priority score calculated in Cisco XDR?
Detection Risk times MITRE TTP Financial Risk
MITRE TTP Financial Risk times Asset Value
Detection Risk times Source Severity
Detection Risk times Asset Value
Match each Cisco XDR response option with its description.
Pivot menus > Provide immediate response actions within the incident management
through out-of-the-box Cisco XDR automation workflows.
Playbooks > Available from drop-down icons next to observables in various places
within Cisco XDR.
This study source was downloaded by 100000820853758 from CourseHero.com on 12-17-2025 07:57:58 GMT -06:00
https://www.coursehero.com/file/251712786/Cisco-U-CEUs-ECSS-with-Data-Analytics-02-09192025docx/
Cisco XDR, Splunk SEIM, Splunk SOAR
Which statement is correct regarding XDR?
XDR correlates but does not contextualize the ingested data from the sources.
XDR can reduce false positives and deliver prioritized incidents based on
potential risk and impact.
XDR displays only current attacks, without the history of past attacks and
patterns
XDR can directly execute SOAR playbooks for TDIR.
Which two security actions can you perform using SIEM? (Choose two.)
Display wireless users with failed login attempts for the last 6 hours from your branch
offices.
Execute a playbook to contain an endpoint with malicious software.
Query all endpoints in your environment to perform advanced threat hunting.
Detect spikes of traffic that are the result of a DDoS attack against your
company's website.
Block an attachment with malicious software in an email.
Which two options are key functions of SOAR? (Choose two.)
Gather and store events and logs from various sources.
Provide comprehensive endpoint protection.
Automate repetitive and time-consuming tasks.
Orchestrate workflows to coordinate various security solutions.
Microsegment the network to enhance security and optimize performance.
You work as analyst in a SOC that uses integrated SIEM, SOAR, and XDR for security
operations. Which statement is correct?
SOAR can receive alerts from both SIEM and XDR.
SOAR can receive alerts from SIEM only.
SOAR can receive alerts from XDR only.
SOAR cannot receive alerts from the SIEM or XDR.
What does the "X" in XDR stand for?
an extended automated response to threats
an extended manual response to threats
an extended orchestration capability of various security solutions
an extended reach that covers all relevant control points including endpoints and
networks
You are explaining the evolution of key SOC solutions to a younger colleague, which
emerged in different periods to address specific challenges in the cybersecurity
landscape. Which solution appeared the latest?
EDR
XDR
SIEM
SOAR
NDR
This study source was downloaded by 100000820853758 from CourseHero.com on 12-17-2025 07:57:58 GMT -06:00
https://www.coursehero.com/file/251712786/Cisco-U-CEUs-ECSS-with-Data-Analytics-02-09192025docx/
, You work as a SOC analyst and you want to employ SOAR for phishing investigation and
response in your organization after a user reported this type of attack. What is the most
effective action you can take?
Use a predefined playbook to triage, investigate, and respond to phishing email threats.
Create your own playbook to triage, investigate, and respond to phishing email
threats.
Manually inspect alerts and initiate actions, since automated action cannot be
effective for this type of attack.
Send the alerts to the SIEM, where you can perform more effective actions.
What are the behaviors and methods employed by adversaries during a cyberattack
described as in the MITRE ATT&CK framework?
User Behavior Analytics (UBA)
User and Entity Behavior Analytics (UEBA)
Tools, Technologies, and Procedures (TTPs)
Tactics, Techniques, and Procedures (TTPs)
You work as a SOC analyst and you plan to refine your playbooks in Splunk SOAR based
on the post-incident analysis to improve the coverage, response times, and overall
effectiveness of your automation actions. You are not familiar with Python scripting, so
how can you easily accomplish this task?
Use Visual Basic to edit and refine the playbooks.
Use Visual Studio Code (VS Code) to edit and refine the playbooks.
Use the Visual Playbook editor to edit and refine the playbooks.
Use Notepad++ to edit and refine the playbooks.
You are planning to integrate Splunk SOAR with your Splunk Enterprise platform so you
can import data from Splunk SOAR and send data from your Splunk Enterprise instance
to Splunk SOAR. Which two apps do you need to install and on which solution? (Choose
two.)
Splunk App for SOAR Export on Splunk SOAR
Splunk App for Splunk Enterprise on Splunk SOAR
Splunk App for SOAR on Splunk Enterprise
Splunk App for SOAR Import on Splunk Enterprise
Splunk App for SOAR Export on Splunk Enterprise
You are working as a SOC manager and explaining the incident management process in
Cisco XDR to a new colleague, who is a SOC analyst. While showing the Cisco XDR
incidents page, you emphasize that new incidents are assigned a priority score and
automatically enriched. How is the incident Priority score calculated in Cisco XDR?
Detection Risk times MITRE TTP Financial Risk
MITRE TTP Financial Risk times Asset Value
Detection Risk times Source Severity
Detection Risk times Asset Value
Match each Cisco XDR response option with its description.
Pivot menus > Provide immediate response actions within the incident management
through out-of-the-box Cisco XDR automation workflows.
Playbooks > Available from drop-down icons next to observables in various places
within Cisco XDR.
This study source was downloaded by 100000820853758 from CourseHero.com on 12-17-2025 07:57:58 GMT -06:00
https://www.coursehero.com/file/251712786/Cisco-U-CEUs-ECSS-with-Data-Analytics-02-09192025docx/
