Palo Alto Networks XSIAM-Analyst Exam Questions

Question 6 of 50

For a critical incident, Cortex XSIAM suggests several playbooks which should have been executed automatically.
Why were the playbooks not executed?

Playbook triggers were not configured for those alerts.

Installation of the appropriate content pack was not completed.

Misconfiguration of the connector instance has occurred.

Playbook classifier was not configured for the alert type.

Correct Answer: A

Question 7 of 50

What information is provided in the timeline view of Cortex XSIAM?

Graphic representation of an event Causality Instance (CI) with additional capabilities to enable further analysis

Sequence of events, alerts, rules, and other actions involved over the lifespan of an incident

Tab within an incident where analysts can collaborate and initiate further actions and automations

Detailed overview of behavior or activity that triggered an Analytics Alert, Analytics BIOC alert, or correlation rule

Correct Answer: B

Question 8 of 50

Which two methods can be used to create and share queries into the Query Library? (Choose two.)

From XQL Search, locate the query to save to a personal Query Library
Right-click, and select "Save query to library"
Enable the "Share with others" option

From the Query Center, in the XQL query field, define the parameters of the query
Save as, and choose the "Query to Library" option
Enable the "Share with others" option

From XQL Search, in the XQL query field, define the parameters of the query
Save as, and choose the "Query to Library" option
Enable the "Share with others" option

From the Query Center, locate the query to save to a personal Query Library
Right-click, and select "Save query to library"
Enable the "Share with others" option

Correct Answer: B, C

Question 9 of 50

Which type of task can be used to create a decision tree in a playbook?

Sub-playbook

Job

Standard

Conditional

Correct Answer: D

Question 10 of 50

A Cortex XSIAM analyst is investigating a security incident involving a workstation after having deployed a Cortex XDR agent for 45 days. The incident details include the Cortex XDR Analytics Alert "Uncommon remote scheduled task creation."
Which response will mitigate the threat?

Revoke user access and conduct a user audit.

Allow list the processes to reduce alert noise.

Initiate the endpoint isolate action to contain the threat.

Prioritize blocking the source IP address to prevent further login attempts.

Correct Answer: C