Palo_Alto_Networks
XSIAM-ANALYST · Question #8
XSIAM-ANALYST Question #8: Real Exam Question with Answer & Explanation
Sign in or unlock XSIAM-ANALYST to reveal the answer and full explanation for question #8. The question stem and answer options stay visible for context.
Question
An analyst is responding to a critical incident involving a potential ransomware attack. The analyst immediately initiates full isolation on the compromised endpoint using Cortex XSIAM to prevent the malware from spreading across the network. However, the analyst now needs to collect additional forensic evidence from the isolated machine, including memory dumps and disk images, without reconnecting it to the network. Which action will allow the analyst to collect the required forensic evidence while ensuring the endpoint remains fully isolated?
Options
- AUsing the management console to remotely run a predefined forensic playbook on the associated
- BCollecting the evidence manually through the agent by accessing the machine directly and
- CUsing the endpoint isolation feature to create a secure tunnel for evidence collection
- DDisabling full isolation temporarily to allow forensic tools to communicate with the endpoint
Unlock XSIAM-ANALYST to see the answer
You've previewed enough free XSIAM-ANALYST questions. Unlock XSIAM-ANALYST for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.