Palo Alto Networks Certified XDR Engineer XDR-Engineer Exam Questions

Page: 1 / 14
Total 50 questions
Question 1

[Post-Deployment Management and Configuration]

Which components may be included in a Cortex XDR content update?



Answer : B


Question 2

[Planning and Installation]

During deployment of Cortex XDR for Linux Agents, the security engineering team is asked to implement memory monitoring for agent health monitoring. Which agent service should be monitored to fulfill this request?



Answer : D


Question 3

[Playbook Creation and Automation]

An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)



Answer : A, C


Question 4

[Data Ingestion and Integration]

Which configuration profile option with an available built-in template can be applied to both Windows and Linux systems by using XDR Collector?



Answer : A


Question 5

[Data Ingestion and Integration]

What should be configured in Cortex XDR to integrate asset data from Microsoft Azure for better visibility and incident investigation?



Answer : C


Question 6

[Detection Engineering]

Which XQL query can be saved as a behavioral indicator of compromise (BIOC) rule, then converted to a custom prevention rule?



Answer : D


Question 7

[Dashboards and Reporting]

An engineer is building a dashboard to visualize the number of alerts from various sources. One of the widgets from the dashboard is shown in the image below:

The engineer wants to configure a drilldown on this widget to allow dashboard users to select any of the alert names and view those alerts with additional relevant details. The engineer has configured the following XQL query to meet the requirement:

dataset = alerts

| fields alert_name, description, alert_source, severity, original_tags, alert_id, incident_id

| filter alert_name =

| sort desc _time

How will the engineer complete the third line of the query (filter alert_name =) to allow dynamic filtering on a selected alert name?



Answer : B


Page:    1 / 14   
Total 50 questions