Palo Alto Networks XSIAM-Analyst - Palo Alto Networks Certified XSIAM Analyst Exam
Total 50 questions
Question #1 (Topic: Exam A)
Which dataset should an analyst search when looking for Palo Alto Networks NGFW logs?
A. dataset = pan_dss_raw
B. dataset = ngfw_threat_panw_raw
C. dataset = panw_ngfw_traffic_raw
D. dataset = ngfw*
Answer: C
Question #2 (Topic: Exam A)
In which two locations can mapping be configured for indicators? (Choose two.)
A. Feed Integration settings
B. Indicator Configuration in Object Setup
C. STIX parser code
D. Classification & Mapping tab
Answer: AB
Question #3 (Topic: Exam A)
An analyst conducting a threat hunt needs to collect multiple files from various endpoints. The analyst begins the file retrieval process by using the Action Center, but upon review of the retrieved files, notices that the list is incomplete and missing files, including kernel files.
What could be the reason for this issue?
A. The file retrieval policy applied to the endpoints may restrict access to certain system or kernel files.
B. The retrieval process is limited to 500 MB in total file size.
C. The endpoint agents were in offline mode during the file retrieval process, causing some files to be skipped.
D. The analyst must manually retrieve kernel files by accessing the machine directly.
Answer: A
Question #4 (Topic: Exam A)
Which interval is the duration of time before an analytics detector can raise an alert?
A. Activation period
B. Deduplication period
C. Training period
D. Test period
Answer: A
Question #5 (Topic: Exam A)
Which two actions can an analyst take to reduce the number of false positive alerts generated by a custom BIOC? (Choose two.)
A. Implement a BIOC rule exception.
B. Implement a global exception in the prevention profile.
C. Implement an alert exclusion rule.
D. Implement a shunt in a BIOC bypass rule.
Answer: AC