Palo Alto Networks XDR Engineer

Last Update 17 hours ago Total Questions : 50

The Palo Alto Networks XDR Engineer content is now fully updated, with all current exam questions added 17 hours ago. Deciding to include XDR-Engineer practice exam questions in your study plan goes far beyond basic test preparation.

You'll find that our XDR-Engineer exam questions frequently feature detailed scenarios and practical problem-solving exercises that directly mirror industry challenges. Engaging with these XDR-Engineer sample sets allows you to effectively manage your time and pace yourself, giving you the ability to finish any Palo Alto Networks XDR Engineer practice test comfortably within the allotted time.

Question # 11

An engineer wants to automate the handling of alerts in Cortex XDR and defines several automation rules with different actions to be triggered based on specific alert conditions. Some alerts do not trigger the automation rules as expected. Which statement explains why the automation rules might not apply to certain alerts?

A. They are executed in sequential order, so alerts may not trigger the correct actions if the rules are not configured properly

B. They only apply to new alerts grouped into incidents by the system and only alerts that generate incidents trigger automation actions

C. They can only be triggered by alerts with high severity; alerts with low or informational severity will not trigger the automation rules

D. They can be applied to any alert, but they only work if the alert is manually grouped into an incident by the analyst

Question # 12

Based on the image of a validated false positive alert below, which action is recommended for resolution?

A. Create an alert exclusion for OUTLOOK.EXE

B. Disable an action to the CGO Process DWWIN.EXE

C. Create an exception for the CGO DWWIN.EXE for ROP Mitigation Module

D. Create an exception for OUTLOOK.EXE for ROP Mitigation Module

Question # 13

A security audit determines that the Windows Cortex XDR host-based firewall is not blocking outbound RDP connections for certain remote workers. The audit report confirms the following:

    All devices are running healthy Cortex XDR agents.

    A single host-based firewall rule to block all outbound RDP is implemented.

    The policy hosting the profile containing the rule applies to all Windows endpoints.

    The logic within the firewall rule is adequate.

    Further testing concludes RDP is successfully being blocked on all devices tested at company HQ.

    Network location configuration in Agent Settings is enabled on all Windows endpoints.

What is the likely reason the RDP connections are not being blocked?

A. The profile's default action for outbound traffic is set to Allow

B. The pertinent host-based firewall rule group is only applied to external rule groups

C. Report mode is set to Enabled in the report settings under the profile configuration

D. The pertinent host-based firewall rule group is only applied to internal rule groups

Question # 14

Which step is required to configure a proxy for an XDR Collector?

A. Edit the YAML configuration file with the new proxy information

B. Restart the XDR Collector after configuring the proxy settings

C. Connect the XDR Collector to the Pathfinder

D. Configure the proxy settings on the Cortex XDR tenant

Question # 15

What are two possible actions that can be triggered by a dashboard drilldown? (Choose two.)

A. Navigate to a different dashboard

B. Initiate automated response actions

C. Link to an XQL query

D. Send alerts to console users
