A Cortex XSIAM engineer at a SOC downgrades a critical threat intelligence content pack from the Cortex Marketplace while performing routine maintenance. As a result, the SOC team loses access to the latest threat intelligence data.
Which action will restore the functionality of the content pack to its previously installed version?
Answer : D
To restore the content pack to its previously installed version, the engineer can directly reinstall the desired version from the Cortex Marketplace. Content packs support version management, allowing rollback or upgrade without requiring support intervention or removing existing configurations.
What is the primary benefit of setting the "--memory-swap" option to "-1" during Cortex XSIAM engine deployment?
Answer : C
Setting the '--memory-swap' option to '-1' during Cortex XSIAM engine deployment configures the container to run without requiring swap capabilities. This ensures the engine operates fully within allocated RAM, improving stability and avoiding issues related to memory swapping.
When Cortex XDR agents are on servers in a zone with no internet access, which configuration will keep them communicating with the platform?
Answer : B
For Cortex XDR agents running on servers in zones without internet access, a Broker VM is used as a communication bridge. The Broker VM securely relays traffic between the isolated agents and the Cortex platform, maintaining connectivity without requiring direct internet access from the servers.
What is the role of "in" in the query line below?
action_local_port in (1122, 2234)
Answer : B
In the query action_local_port in (1122, 2234), the word 'in' functions as an operator. It checks whether the field action_local_port matches any value in the specified list (1122, 2234).
While using the playbook debugger, an engineer attaches the context of an alert as test data.
What happens with respect to the interactions with the list objects via tasks in this scenario?
Answer : A
When running the playbook debugger with attached test data, Cortex XSIAM operates entirely in debug mode, meaning neither the original list objects nor the original context are altered. All interactions happen in an isolated debug environment to avoid impacting production data.
Which cytool command will look up the policy being applied to a Cortex XDR agent?
Answer : C
The cytool adaptive_policy recalc command is used to look up and recalculate the policy being applied to a Cortex XDR agent, allowing engineers to verify the active policy enforcement on the endpoint.
During a new Cortex XSIAM deployment, a user consistently experiences timeout sessions while trying to connect to the agent through Live Terminal, even though the firewall engineer has confirmed that all source IP addresses, port 443, and destinations are allowed.
What could be causing these persistent timeout issues?
Answer : B
Persistent timeout issues with Cortex XSIAM Live Terminal, despite firewall rules being open, are often caused by SSL Decryption inspecting the traffic. Live Terminal relies on secure, end-to-end TLS communication, and decryption breaks this channel, leading to session failures.