CertsTopics Logo

Winter Sale - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Last Attempt XSIAM-Engineer Questions

Page: 2 / 4
Total 59 questions
Get XSIAM-Engineer Full Access Download XSIAM-Engineer PDF

Palo Alto Networks XSIAM Engineer Questions and Answers

Question 5

A Cortex XDR agent is installed on an endpoint, but the agent is unable to download content updates and has not registered with the Cortex XSIAM server. An engineer troubleshoots the network connection and determines that, by design, this endpoint does not have direct internet access to the required network destinations for the Cortex XDR agent traffic.

A Broker VM that has the local agent settings applet enabled with Agent Proxy configured is reachable by the endpoint. The Broker VM details are as follows:

FQDN: crtxbroker01.company.net

Proxy listening port: 8888

How should the engineer configure the Cortex XDR agent to use the existing Broker VM as a proxy for the agent network traffic?

Options:

A.

cytool proxy set "crtxbroker01. company.net: 8888"

B.

cytool config proxy --host crtxbroker01.company.net --port 8888

C.

cytool set proxy --host crtxbroker01.company.net --port 8888

D.

cytool proxy config "crtxbroker01.company.net:8888"

Question 6

How will Cortex XSIAM help with raw log ingestion from third-party sources in an existing infrastructure?

Options:

A.

Any structured logs coming into it are left completely unchanged, and only metadata is added to the raw data.

B.

For structured logs, like CEF, LEEF, and JSON, it decouples the key-value pairs and saves them in table format.

C.

Any unstructured logs coming into it are left completely unchanged, and metadata is not added to the raw data.

D.

For unstructured logs, it decouples the key-value pairs and saves them in a table format.

Question 7

A Cortex XSIAM engineer is preparing to install a new content pack and notices that there are several optional content packs associated with the main one that needs to be installed.

What must the engineer take into consideration when deciding whether or not to install the optional content packs?

Options:

A.

Mandatory dependencies required by the optional content packs are automatically included during installation. The engineer should consider the additional functionality and potential impact on system performance.

B.

The optional content packs without their associated dependencies are installed first, and then the main content pack installation is triggered. The engineer should ensure that the optional content packs do not conflict with existing configurations.

C.

Optional content packs are installed without any dependencies, as they are not necessary. The engineer should only install them if they require the additional features.

D.

Only the selected optional content packs are installed, without including any additional dependencies. The engineer should manually check for any required dependencies.

Question 8

A Cortex XSIAM engineer adds a disable injection and prevention rule for a specific running process. After an hour, the engineer disables the rule to reinstate the security capabilities, but the capabilities are not applied.

What is the explanation for this behavior?

Options:

A.

The engineer needs to restart the process to get back the security capabilities.

B.

The engineer needs a support exception to get back the security capabilities.

C.

The engineer needs to wait for the time period configured in the rule to pass first.

D.

The engineer can disable the rule, but security capabilities are not applied to the process.

Page: 2 / 4
Total 59 questions
Get XSIAM-Engineer Full Access Download XSIAM-Engineer PDF