Phishing belongs which of the following MITRE ATT&CK tactics?

When creating a BIOC rule, which XQL query can be used?

A.

dataset = xdr_data | filter event_sub_type = PROCESS_START and action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

B.

dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

C.

dataset = xdr_data | filter action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe" | fields action_process_image

D.

dataset = xdr_data | filter event_behavior = true event_sub_type = PROCESS_START and action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"

Which built - in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?

What are two purposes of “Respond to Malicious Causality Chains” in a Cortex XDR Windows Malware profile? (Choose two.)

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?