Based on the Malware profile image below, what happens when a new custom-developed application attempts to execute on an endpoint?

Which two steps should be considered when configuring the Cortex XDR agent for a sensitive and highly regulated environment? (Choose two.)

dataset = xdr_data
| fields agent_hostname, _time, _product
| comp latest as latest_time by agent_hostname, _product
| join type=inner (dataset = endpoints
| fields endpoint_name, endpoint_status, endpoint_type) as lookup lookup.endpoint_name = agent_hostname
| filter endpoint_status = ENUM.CONNECTED
| fields agent_hostname, endpoint_status, latest_time, _product

An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)
