Q: 1
[Cortex XDR Agent Configuration] Based on the Malware profile image below, what happens when a new custom-developed application attempts to execute on an endpoint?
Q: 2
[Detection Engineering] An analyst considers an alert with the category of lateral movement to be allowed and not needing to be checked in the future. Based on the image below, which action can an engineer take to address the requirement?
Q: 3
[Data Ingestion and Integration] What will be the output of the function below? L_TRIM("a* aapple", "a")
Q: 4
[Maintenance and Troubleshooting] An insider compromise investigation has been requested to provide evidence of an unauthorized removable drive being mounted on a company laptop. Cortex XDR agent is installed with default prevention agent settings profile and default extension "Device Configuration" profile. Where can an engineer find the evidence?
Q: 5
[Cortex XDR Agent Configuration] How are dynamic endpoint groups created and managed in Cortex XDR?
Q: 6
[Dashboards and Reporting] Which action is being taken with the query below? dataset = xdr_data | fields agent_hostname, _time, _product | comp latest as latest_time by agent_hostname, _product | join type=inner (dataset = endpoints | fields endpoint_name, endpoint_status, endpoint_type) as lookup lookup.endpoint_name = agent_hostname | filter endpoint_status = ENUM.CONNECTED | fields agent_hostname, endpoint_status, latest_time, _product
Q: 7
[Post-Deployment Management and Configuration] What happens when the XDR Collector is uninstalled from an endpoint by using the Cortex XDR console?
Q: 8
[Post-Deployment Management and Configuration] A cloud administrator reports high network bandwidth costs attributed to Cortex XDR operations and asks for bandwidth usage to be optimized without compromising agent functionality. Which two techniques should the engineer implement? (Choose two.)
Q: 9
[Data Ingestion and Integration] In addition to using valid authentication credentials, what is required to enable the setup of the Database Collector applet on the Broker VM to ingest database activity?
Q: 10
[Maintenance and Troubleshooting] A query is created that will run weekly via API. After it is tested and ready, it is reviewed in the Query Center. Which available column should be checked to determine how many compute units will be used when the query is run?