Free Palo Alto Networks XDR-Engineer Practice Test & Real Exam Questions
Which step is required to configure a proxy for an XDR Collector?
Correct Answer: D
An analyst remotely investigates a compromised endpoint using Live Terminal. What advantage does this provide over traditional remote desktop access?
Correct Answer: A
A security audit determines that the Windows Cortex XDR host-based firewall is not blocking outbound RDP connections for certain remote workers. The audit report confirms the following:
- All devices are running healthy Cortex XDR agents.
- A single host-based firewall rule to block all outbound RDP is implemented.
- The policy hosting the profile containing the rule applies to all Windows endpoints.
- The logic within the firewall rule is adequate.
- Further testing concludes RDP is successfully being blocked on all devices tested at company HQ.
- Network location configuration in Agent Settings is enabled on all Windows endpoints.
What is the likely reason the RDP connections are not being blocked?
Correct Answer: D
An attacker injects malicious code into a legitimate process to evade traditional signature-based detection mechanisms. Which Cortex XDR capability addresses this technique?
Correct Answer: A
Log events from a previously deployed Windows XDR Collector agent are no longer being observed in the console after an OS upgrade. Which aspect of the log events is the probable cause of this behavior?
Correct Answer: C
An engineer wants to automate the handling of alerts in Cortex XDR and defines several automation rules with different actions to be triggered based on specific alert conditions. Some alerts do not trigger the automation rules as expected. Which statement explains why the automation rules might not apply to certain alerts?
Correct Answer: D
A threat hunter wants to identify rare parent-child process relationships observed fewer than five times during the previous month. Which approach is most suitable?
Correct Answer: D
