XSIAM-ENGINEER · Question #18

The correct answer is A. 123.

Question

Based on the _raw_log and XQL query information below, what will be the result(s) of the temp_value?

Exhibit

XSIAM-ENGINEER question #18 exhibit

Options

  • A. 123
  • B. 20
  • C. 10.120.80.2
  • D. 149.235.219.208

Explanation

The XQL query uses regextract with conditions to check if the source IP begins with 149.235. When true, it assigns the replacement value 192.168.10.1, otherwise it extracts the source port. From the given logs, this produces 123 (from the port extraction in the second log) and 192.168.10.1 (replacement for the first log's matching source IP).
