Palo_Alto_Networks
XDR-ENGINEER · Question #38
XDR-ENGINEER Question #38: Real Exam Question with Answer & Explanation
Question
An XDR engineer is creating a correlation rule to monitor login activity on specific systems. When the activity is identified, an alert is created. The alerts are being generated properly but are missing the username when viewed. How can the username information be included in the alerts?
Options
- A. Select "Initial Access" in the MITRE ATT&CK mapping to include the username
- B. Update the query in the correlation rule to include the username field
- C. Add a mapping for the username field in the alert fields mapping
- D. Add a drill-down query to the alert which pulls the username field