Palo Alto Networks XSIAM-Analyst Exam Questions

Question 6 of 50

For a critical incident, Cortex XSIAM suggests several playbooks which should have been executed automatically.
Why were the playbooks not executed?

A.

Playbook triggers were not configured for those alerts.

B.

Installation of the appropriate content pack was not completed.

C.

Misconfiguration of the connector instance has occurred.

D.

Playbook classifier was not configured for the alert type.

Suggested Answer: A

Community votes

No votes yet

Question 7 of 50

What information is provided in the timeline view of Cortex XSIAM?

A.

Graphic representation of an event Causality Instance (CI) with additional capabilities to enable further analysis

B.

Sequence of events, alerts, rules, and other actions involved over the lifespan of an incident

C.

Tab within an incident where analysts can collaborate and initiate further actions and automations

D.

Detailed overview of behavior or activity that triggered an Analytics Alert, Analytics BIOC alert, or correlation rule

Suggested Answer: B

Community votes

No votes yet

Question 8 of 50

Which two methods can be used to create and share queries into the Query Library? (Choose two.)

A.

From XQL Search, locate the query to save to a personal Query Library
Right-click, and select "Save query to library"
Enable the "Share with others" option

B.

From the Query Center, in the XQL query field, define the parameters of the query
Save as, and choose the "Query to Library" option
Enable the "Share with others" option

C.

From XQL Search, in the XQL query field, define the parameters of the query
Save as, and choose the "Query to Library" option
Enable the "Share with others" option

D.

From the Query Center, locate the query to save to a personal Query Library
Right-click, and select "Save query to library"
Enable the "Share with others" option

Suggested Answer: B, C

Community votes

No votes yet

Question 9 of 50

Which type of task can be used to create a decision tree in a playbook?

A.

Sub-playbook

B.

Job

C.

Standard

D.

Conditional

Suggested Answer: D

Community votes

No votes yet

Question 10 of 50

A Cortex XSIAM analyst is investigating a security incident involving a workstation after having deployed a Cortex XDR agent for 45 days. The incident details include the Cortex XDR Analytics Alert "Uncommon remote scheduled task creation."
Which response will mitigate the threat?

A.

Revoke user access and conduct a user audit.

B.

Allow list the processes to reduce alert noise.

C.

Initiate the endpoint isolate action to contain the threat.

D.

Prioritize blocking the source IP address to prevent further login attempts.

Suggested Answer: C

Community votes

No votes yet