XSIAM-ENGINEER Question #47: Real Exam Question with Answer & Explanation

The correct answer is B.

Question

A Cortex XSIAM engineer is developing a playbook that uses reputation commands such as '!ip' to enrich and analyze indicators. Which statement applies to the use of reputation commands in this scenario?

Options

  • A. If no reputation integration instance is configured, the '!ip' command will execute but will return
  • B. Reputation commands such as '!ip' will fail if the required reputation integration instance is not
  • C. The mapping flow for enrichment commands is disabled if extraction is set to "None."
  • D. Enrichment data will not be saved to the indicator unless the extraction setting is manually

Explanation

Reputation commands such as !ip rely on a configured and enabled reputation integration instance (for example, VirusTotal, Palo Alto WildFire, or other threat intel sources). If no such instance is available, the command execution will fail, since it cannot retrieve enrichment data.
