Palo Alto Networks XDR-Engineer Exam Practice Test Instant Access

Question 1

[Cortex XDR Agent Configuration]

Which two steps should be considered when configuring the Cortex XDR agent for a sensitive and highly regulated environment? (Choose two.)

AEnable critical environment versions

BCreate an agent settings profile where the agent upgrade scope is maintenance releases only

CCreate an agent settings profile, enable content auto-update, and include a delay of four days

DEnable minor content version updates

Answer : B, C

Question 2

[Detection Engineering]

What is the earliest time frame an alert could be automatically generated once the conditions of a new correlation rule are met?

ABetween 30 and 45 minutes

BImmediately

C5 minutes or less

DBetween 10 and 20 minutes

Answer : C

Question 3

[Detection Engineering]

An XDR engineer is creating a correlation rule to monitor login activity on specific systems. When the activity is identified, an alert is created. The alerts are being generated properly but are missing the username when viewed. How can the username information be included in the alerts?

ASelect ''Initial Access'' in the MITRE ATT&CK mapping to include the username

BUpdate the query in the correlation rule to include the username field

CAdd a mapping for the username field in the alert fields mapping

DAdd a drill-down query to the alert which pulls the username field

Answer : C

Question 4

[Post-Deployment Management and Configuration]

A cloud administrator reports high network bandwidth costs attributed to Cortex XDR operations and asks for bandwidth usage to be optimized without compromising agent functionality. Which two techniques should the engineer implement? (Choose two.)

AConfigure P2P download sources for agent upgrades and content updates

BEnable minor content version updates

CEnable agent content management bandwidth control

DDeploy a Broker VM and activate the local agent settings applet

Answer : A, C

Question 5

[Data Ingestion and Integration]

A multinational company with over 300,000 employees has recently deployed Cortex XDR in North Americ

a. The solution includes the Identity Threat Detection and Response (ITDR) add-on, and the Cortex team has onboarded the Cloud Identity Engine to the North American tenant. After waiting the required soak period and deploying enough agents to receive Identity and threat analytics detections, the team does not see user, group, or computer details for individuals from the European offices. What may be the reason for the issue?

AThe XDR tenant is not in the same region as the Cloud Identity Engine

BThe Cloud Identity Engine plug-in has not been installed and configured

CThe Cloud Identity Engine needs to be activated in all global regions

DThe ITDR add-on is not compatible with the Cloud Identity Engine

Answer : A

Question 6

[Data Ingestion and Integration]

Which step is required to configure a proxy for an XDR Collector?

AEdit the YAML configuration file with the new proxy information

BRestart the XDR Collector after configuring the proxy settings

CConnect the XDR Collector to the Pathfinder

DConfigure the proxy settings on the Cortex XDR tenant

Answer : A

Question 7

[Cortex XDR Agent Configuration]

Based on the Malware profile image below, what happens when a new custom-developed application attempts to execute on an endpoint?

AIt will immediately execute

BIt will not execute

CIt will execute after one hour

DIt will execute after the second attempt

Answer : B

Palo Alto Networks XDR-Engineer Palo Alto Networks Certified XDR Engineer Exam Practice Test