XSIAM-ENGINEER Exam Questions
67 real XSIAM-ENGINEER exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Which two requirements must be met for a Cortex XDR agent to successfully use the Broker VM as a download source for content updates? (Choose two.)
- Question #2
During a new Cortex XSIAM deployment, a user consistently experiences timeout sessions while trying to connect to the agent through Live Terminal, even though the firewall engineer...
- Question #3
Which step must be taken to enable Cloud Identity Engine on Cortex XSIAM?
- Question #5
When Cortex XDR agents are on servers in a zone with no internet access, which configuration will keep them communicating with the platform?
- Question #6
Which installer type should be used when upgrading a non-Linux Kubernetes cluster?
- Question #7
A systems engineer overseeing the integration of data from various sources through data pipelines into Cortex XSIAM notices modifications occurring during the ingestion process, an...
- Question #8
A security engineer notices that in the past week ingestion has spiked significantly. Upon investigating the anomaly, it is determined that a custom application developed in-house...
- Question #9
An engineer is conducting a threat actor emulated test to determine which Cortex XDR module would provide protection or alert on a real-world attack. The first test was prevented....
- Question #10
A Cortex XSIAM engineer adds a disable injection and prevention rule for a specific running process. After an hour, the engineer disables the rule to reinstate the security capabil...
- Question #11
What is the function of the "MODEL" section when creating a data model rule?
- Question #12
What is the primary benefit of setting the "--memory-swap" option to "-1" during Cortex XSIAM engine deployment?
- Question #13
A CISO has asked an engineer to create a custom dashboard in Cortex XSIAM that can be filtered to show incidents assigned to a specific user. Which feature should be used to filter...
- Question #14
How can a Cortex XSIAM engineer resolve the issue when a SOC analyst escalates missing details after merging two similar incidents?
- Question #15
Which cytool command will look up the policy being applied to a Cortex XDR agent?
- Question #16
A file for a support exception that needs to be updated locally on a Linux endpoint has been supplied. Which cytool command will upload this support exception file to the endpoint?
- Question #17
A Cortex XSIAM engineer plans to add Kafka and Syslog Collectors to a Broker VM cluster. What are two expected behaviors of the applets when they are added to the cluster? (Choose...
- Question #18
Based on the _raw_log and XQL query information below, what will be the result(s) of the temp_value?
- Question #19
When activating the Cortex XSIAM tenant, how is the data at rest configured with AES 128 encryption?
- Question #20
A sub-playbook is configured to loop with a For Each Input. The following inputs are given to the sub-playbook: Input x: W,X,Y,Z Input y: a,b,c,d Input z: 9 Which inputs will be us...
- Question #21
The following string is a value of a key named "Data2" in the context: {"@admin":"admin","@dirtyld":"1","@loc":"Lab","@name":"default‐1","@oldname":"Test","@time": "2024/08/28 07:4...
- Question #22
A Cortex XDR agent is installed on an endpoint, but the agent is unable to download content updates and has not registered with the Cortex XSIAM server. An engineer troubleshoots t...
- Question #23
A Behavioral Threat Protection (BTP) alert is triggered with an action of "Prevented (Blocked)" on one of several application servers running Windows Server 2022. The investigation...
- Question #24
Which action will prevent the automatic extraction of indicators such as IP addresses and URLs from a script's output?
- Question #25
An application which ingests custom application logs is hosted in an on-premises virtual environment on an Ubuntu server, and it logs locally to a .csv file. Which set of actions w...
- Question #26
Which action is required to enable use of a custom script in an alert layout?
- Question #27
What is the reason all Broker VM options are greyed out when a user attempts to select a Broker VM as a download source in the Agent Settings profile?
- Question #28
What is a key characteristic of a parsing rule in Cortex XSIAM?
- Question #29
Which type of parsing error is categorized in the dataset "parsing_rules_errors"?
- Question #30
Before initiating a malware scan action on a Linux workstation, an engineer notices that the Cortex XDR agent's operational status on the workstation is reporting as "partially pro...
- Question #31
A Cortex XSIAM engineer is implementing role-based access control (RBAC) and scope-based access control (SBAC) for users accessing the Cortex XSIAM tenant with the following requir...
- Question #32
Administrators from Building 3 have been added to Cortex XSIAM to perform limited functions on a subset of endpoints. Custom roles have been created and applied to the administrato...
- Question #33
While using the playbook debugger, an engineer attaches the context of an alert as test data. What happens with respect to the interactions with the list objects via tasks in this...
- Question #34
What is the primary function of the URL "https://<region>-docker.pkg.dev" in the context of a Palo Alto Networks infrastructure?
- Question #35
Which component is responsible for identifying the correct parsing rule to apply for a unique data source in Cortex XSIAM?
- Question #36
When a newly installed agent is not reporting telemetry to Cortex XSIAM, which two steps should you check first? (Choose two.)
- Question #37
Before updating the XDR Collector, what should an administrator verify to avoid disruption?
- Question #38
How will Cortex XSIAM help with raw log ingestion from third-party sources in an existing infrastructure?
- Question #39
In which two locations can correlation rules be monitored for errors? (Choose two.)
- Question #40
Which option should be used when customizing a dashboard in Cortex XSIAM to include a widget that will display data filtered by more than one dynamic value?
- Question #41
How must Cloud Identity Engine be deployed and activated on Cortex XSIAM?
- Question #42
Which common issue can result in sudden data ingestion loss for a data source that was previously successful?
- Question #43
While using the remote repository on a Development XSIAM tenant, which two objects can be pushed or pulled to the remote repository? (Choose two.)
- Question #44
When a Cortex XSIAM playbook execution reaches a breakpoint on a non-manual task, which two actions will allow the playbook to continue? (Choose two.)
- Question #45
What is the purpose of using rolling tokens to manage Cortex XDR agents?
- Question #46
Based on the image below, which statement applies to the ability to remove tabs when creating a new alert layout?
- Question #47
A Cortex XSIAM engineer is developing a playbook that uses reputation commands such as '!ip' to enrich and analyze indicators. Which statement applies to the use of reputation comm...
- Question #48
An engineer wants to onboard data from a third-party vendor's firewall. There is no content pack available for it, so the engineer creates custom data source integration and parsin...
- Question #49
Why is it important to understand the organization's current threat detection capabilities before deploying XSIAM?
- Question #50
How can administrators validate the effectiveness of exclusion rules in Cortex XSIAM? (Choose two.)
- Question #51
To enable authentication integration for automated user provisioning in Cortex XSIAM, what steps are essential?