Free Palo Alto Networks XDR-Engineer Exam Questions

Question 1

An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)

A : Alert severity is High

B : Alert source is Cortex XDR Analytics

C : Alert category is Malware

D : Alert status is New

Answer: A,C

Question 2

Based on the Malware profile image below, what happens when a new custom-developed application attempts to execute on an endpoint?

A : It will immediately execute

B : It will not execute

C : It will execute after one hour

D : It will execute after the second attempt

Answer: B

Question 3

Which action is being taken with the query below?dataset = xdr_data| fields agent_hostname, _time, _product| comp latest as latest_time by agent_hostname, _product| join type=inner (dataset = endpoints| fields endpoint_name, endpoint_status, endpoint_type) as lookup lookup.endpoint_name = agent_hostname| filter endpoint_status = ENUM.CONNECTED| fields agent_hostname, endpoint_status, latest_time, _product

A : Monitoring the latest activity of endpoints

B : Identifying endpoints that have disconnected from the network

C : Monitoring the latest activity of connected firewall endpoints

D : Checking for endpoints with outdated agent versions

Answer: A

Question 4

Which two steps should be considered when configuring the Cortex XDR agent for a sensitive and highly regulated environment? (Choose two.)

A : Enable critical environment versions

B : Create an agent settings profile where the agent upgrade scope is maintenance releases only

C : Create an agent settings profile, enable content auto-update, and include a delay of four days

D : Enable minor content version updates

Answer: B,C

Question 5