Palo_Alto_Networks
XDR-ENGINEER · Question #16
XDR-ENGINEER Question #16: Real Exam Question with Answer & Explanation
Question
An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)
Options
- A. Alert severity is High
- B. Alert source is Cortex XDR Analytics
- C. Alert category is Malware
- D. Alert status is New