最新的Palo Alto Networks XSIAM-Analyst免費考試真題

問題1

While investigating an incident on the Incident Overview page, an analyst notices that the playbook encountered an error. Upon playbook work plan review, it is determined that the error was caused by a timeout. However, the analyst does not have the necessary permissions to fix or create a new playbook.
Given the critical nature of the incident, what can the analyst do to ensure the playbook continues executing the remaining steps?

A. Contact TAC to resolve the task error, as the playbook cannot proceed without it

B. Pause the step with the error, thus automatically triggering the execution of the remaining steps.

C. Clone the playbook, remove the faulty step and run the new playbook to bypass the error

D. Navigate to the step where the error occurred and run the task again

正確答案: B

說明：（僅 Fast2test 成員可見）

問題2

During an investigation, an analyst runs the reputation script for an indicator that is listed as Suspicious. The new reputation results display in the War Room as Malicious; however, the indicator verdict does not change.
What is the cause of this behavior?

A. The indicator is expired.

B. The indicator verdict was manually set to Suspicious.

C. The indicator has been excluded.

D. The indicator exists as an IOC rule.

正確答案: B

說明：（僅 Fast2test 成員可見）

問題3

What is required to create a custom prioritization rule in Cortex XSIAM?
Response:

A. Specific alert attributes or tags

B. Access to Cortex CLI

C. Scheduled report exports

D. Read-only role permissions

正確答案: A

問題4

An analyst conducting a threat hunt needs to collect multiple files from various endpoints. The analyst begins the file retrieval process by using the Action Center, but upon review of the retrieved files, notices that the list is incomplete and missing files, including kernel files.
What could be the reason for the issue?

A. The analyst must manually retrieve kernel files by accessing the machine directly

B. The endpoint agents were in offline mode during the file retrieval process, causing some files to be skipped

C. The retrieval process is limited to 500 MB in total file size

D. The file retrieval policy applied to the endpoints may restrict access to certain system or kernel files

正確答案: D

說明：（僅 Fast2test 成員可見）

問題5

Why would an analyst schedule an XQL query?

A. To auto-resolve a false positive alert

B. To retrieve data either at specific intervals or at a specified time

C. To increase accuracy of queries during off-peak load times

D. To trigger endpoint isolation action

正確答案: B

說明：（僅 Fast2test 成員可見）

問題6

While analyzing an active malware infection, what actions should an analyst take?
Response:

A. Export logs to CSV

B. Initiate live terminal session

C. Isolate the endpoint

D. Disconnect the firewall

正確答案: B,C

問題7

What information is provided in the timeline view of Cortex XSIAM?

A. Tab within an incident where analysts can collaborate and initiate further actions and automations

B. Graphic representation of an event Causality Instance (CI) with additional capabilities to enable further analysis

C. Detailed overview of behavior or activity that triggered an Analytics Alert, Analytics BIOC alert or correlation rule

D. Sequence of events, alerts, rules and other actions involved over the lifespan of an incident

正確答案: D

說明：（僅 Fast2test 成員可見）

問題8

Which Cytool command will re-enable protection on an endpoint that has Cortex XDR agent protection paused?

A. cytool runtime start

B. cytool protect enable

C. cytool service start

D. cytool security enable

正確答案: D

說明：（僅 Fast2test 成員可見）

問題9

What is the purpose of data stitching in Cortex XSIAM?
Response:

A. Encrypting alert payloads

B. Disabling correlation

C. Backing up datasets

D. Combining alert metadata across sources

正確答案: D

問題10

Which of the following actions are possible after an endpoint alert is raised?
Response:

A. Block the asset's MAC address

B. Isolate the endpoint from the network

C. Perform a malware scan on the asset

D. Reassign it to a different SOC queue

正確答案: B,C

最新的Palo Alto Networks XSIAM Analyst - XSIAM-Analyst免費考試真題

聯系我們

站內鏈接

最新更新