Palo_Alto_Networks
XDR-ENGINEER · Question #30
XDR-ENGINEER Question #30: Real Exam Question with Answer & Explanation
Sign in or unlock XDR-ENGINEER to reveal the answer and full explanation for question #30. The question stem and answer options stay visible for context.
Question
An insider compromise investigation has been requested to provide evidence of an unauthorized removable drive being mounted on a company laptop. Cortex XDR agent is installed with default prevention agent settings profile and default extension "Device Configuration" profile. Where can an engineer find the evidence?
Options
- ACheck Host Inventory -> Mounts
- Bdataset = xdr_data | filter event_type = ENUM.MOUNT and event_sub_type =
- CThe requested data requires additional configuration to be captured
- Dpreset = device_control
Unlock XDR-ENGINEER to see the answer
You've previewed enough free XDR-ENGINEER questions. Unlock XDR-ENGINEER for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.