Palo Alto Networks XSIAM-Engineer - Palo Alto Networks XSIAM Engineer Exam
Page: 2 / 12
Total 59 questions
Question #6 (Topic: Exam A)
While using the remote repository on a Development XSIAM tenant, which two objects can be pushed or pulled to the remote repository? (Choose two.)
A. Scripts
B. Parsing rules
C. Lists
D. Layouts
Answer: AC
Question #7 (Topic: Exam A)
When a Cortex XSIAM playbook execution reaches a breakpoint on a non-manual task, which two actions will allow the playbook to continue? (Choose two.)
A. Disable the breakpoint and rerun the playbook from the start.
B. Skip the task with the breakpoint to let the playbook proceed automatically.
C. Wait for all parallel tasks to be completed before the breakpoint task resumes automatically.
D. Click Run Script Now or Complete Manually.
Answer: BD
Question #8 (Topic: Exam A)
What is the purpose of using rolling tokens to manage Cortex XDR agents?
A. To periodically rotate encryption keys used for tenant communication
B. To perform administration on agents without requiring static credentials
C. To authorize agents to download and install content updates
D. To temporarily disable the agents during maintenance windows
Answer: B
Question #9 (Topic: Exam A)
Based on the image below, which statement applies to the ability to remove tabs when creating a new alert layout?
A. Only "Alert Info" tab can be removed.
B. Only "Alert Info" and "War Room" tabs can be removed.
C. Only "War Room" and "Work Plan" tabs can be removed.
D. Only "Work Plan" tab can be removed.
Answer: C
Question #10 (Topic: Exam A)
A Cortex XSIAM engineer is developing a playbook that uses reputation commands such as '!ip' to enrich and analyze indicators.
Which statement applies to the use of reputation commands in this scenario?
Which statement applies to the use of reputation commands in this scenario?
A. If no reputation integration instance is configured, the '!ip' command will execute but will return no results.
B. Reputation commands such as '!ip' will fail if the required reputation integration instance is not configured and enabled.
C. The mapping flow for enrichment commands is disabled if extraction is set to "None."
D. Enrichment data will not be saved to the indicator unless the extraction setting is manually configured in the playbook task.
Answer: B
