Palo Alto Networks XDR-Engineer Exam Questions Instant Access

Question 1

[Cortex XDR Agent Configuration]

A static endpoint group is created by adding 321 endpoints using the Upload From File feature. However, after group creation, the members count field shows 244 endpoints. What are two possible reasons why endpoints were not added to the group? (Choose two.)

AStatic groups have a limit of 250 endpoints when adding by file

BEndpoints added to the new group were previously added to an existing group

CEndpoints added to the group were in Disconnected or Connection Lost status when groupmembership was added

DThe IP address, hostname, or alias of the endpoints must match an existing agent that has registered with the tenant

Answer : C, D

Question 2

[Dashboards and Reporting]

Which statement describes the functionality of fixed filters and dashboard drilldowns in enhancing a dashboard's interactivity and data insights?

AFixed filters allow users to select predefined data values, while dashboard drilldowns enable users to alter the scope of the data displayed by selecting filter values from the dashboard header

BFixed filters limit the data visible in widgets, while dashboard drilldowns allow users to download data from the dashboard in various formats

CFixed filters let users select predefined or dynamic values to adjust the scope, while dashboard drilldowns provide interactive insights or trigger contextual changes, like linking to XQL searches

DFixed filters allow users to adjust the layout, while dashboard drilldowns provide links to external reports and/or dashboards

Answer : C

Question 3

[Data Ingestion and Integration]

How can a customer ingest additional events from a Windows DHCP server into Cortex XDR with minimal configuration?

AActivate Windows Event Collector (WEC)

BInstall the XDR Collector

CEnable HTTP collector integration

DInstall the Cortex XDR agent

Answer : B

Question 4

[Post-Deployment Management and Configuration]

What happens when the XDR Collector is uninstalled from an endpoint by using the Cortex XDR console?

AThe files are removed immediately, and the machine is deleted from the system without any retention period

BThe machine status remains active until manually removed, and the configuration data is retained for up to seven days

CIt is uninstalled during the next heartbeat communication, machine status changes to Uninstalled, and the configuration data is retained for 90 days

DThe associated configuration data is removed from the Action Center immediately after uninstallation

Answer : C

Question 5

[Detection Engineering]

During a recent internal purple team exercise, the following recommendation is given to the detection engineering team: Detect and prevent command line invocation of Python on Windows endpoints by non-technical business units. Which rule type should be implemented?

AAnalytics Behavioral Indicator of Compromise (ABIOC)

BBehavioral Indicator of Compromise (BIOC)

CCorrelation

DIndicator of Compromise (IOC)

Answer : B

Question 6

[Data Ingestion and Integration]

A new parsing rule is created, and during testing and verification, all the logs for which field data is to be parsed out are missing. All the other logs from this data source appear as expected. What may be the cause of this behavior?

AThe Broker VM is offline

BThe parsing rule corrupted the database

CThe filter stage is dropping the logs

DThe XDR Collector is dropping the logs

Answer : C

Question 7

[Playbook Creation and Automation]

An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)

AAlert severity is High

BAlert source is Cortex XDR Analytics

CAlert category is Malware

DAlert status is New

Answer : A, C

Palo Alto Networks Certified XDR Engineer XDR-Engineer Exam Questions