Palo Alto Networks XDR Engineer - XDR-Engineer Exam Practice Test

Question 1

What happens when the XDR Collector is uninstalled from an endpoint by using the Cortex XDR console?

A. The associated configuration data is removed from the Action Center immediately after uninstallation

B. It is uninstalled during the next heartbeat communication, machine status changes to Uninstalled, and the configuration data is retained for 90 days

C. The files are removed immediately, and the machine is deleted from the system without any retention period

D. The machine status remains active until manually removed, and the configuration data is retained for up to seven days

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 2

Which configuration profile option with an available built-in template can be applied to both Windows and Linux systems by using XDR Collector?

A. HTTP Collector template

B. Winlogbeat

C. Filebeat

D. XDR Collector settings

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 3

An engineer is building a dashboard to visualize the number of alerts from various sources. One of the widgets from the dashboard is shown in the image below:

The engineer wants to configure a drilldown on this widget to allow dashboard users to select any of the alert names and view those alerts with additional relevant details. The engineer has configured the following XQL query to meet the requirement:
dataset = alerts
| fields alert_name, description, alert_source, severity,
original_tags, alert_id, incident_id
| filter alert_name =
| sort desc _time
How will the engineer complete the third line of the query (filter alert_name =) to allow dynamic filtering on a selected alert name?

A. $y_axis.name

B. $y_axis.value

C. $x_axis.value

D. $x_axis.name

Correct Answer: C

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 4

An analyst remotely investigates a compromised endpoint using Live Terminal. What advantage does this provide over traditional remote desktop access?

A. Eliminates Authentication Requirements

B. Disables Endpoint Logging

C. Automatic Privilege Escalation

D. Controlled and Audited Access

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 5

A cloud administrator reports high network bandwidth costs attributed to Cortex XDR operations and asks for bandwidth usage to be optimized without compromising agent functionality. Which two techniques should the engineer implement? (Choose two.)

A. Enable minor content version updates

B. Enable agent content management bandwidth control

C. Configure P2P download sources for agent upgrades and content updates

D. Deploy a Broker VM and activate the local agent settings applet

Correct Answer: C,D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 6

Based on the image of a validated false positive alert below, which action is recommended for resolution?

A. Create an alert exclusion for OUTLOOK.EXE

B. Create an exception for OUTLOOK.EXE for ROP Mitigation Module

C. Disable an action to the CGO Process DWWIN.EXE

D. Create an exception for the CGO DWWIN.EXE for ROP Mitigation Module

Correct Answer: B

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Question 7

An insider compromise investigation has been requested to provide evidence of an unauthorized removable drive being mounted on a company laptop. Cortex XDR agent is installed with default prevention agent settings profile and default extension "Device Configuration" profile. Where can an engineer find the evidence?

A. dataset = xdr_data | filter event_type = ENUM.MOUNT and event_sub_type = ENUM.MOUNT_DRIVE_MOUNT

B. preset = device_control

C. Check Host Inventory -> Mounts

D. The requested data requires additional configuration to be captured

Correct Answer: D

Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).

Palo Alto Networks XDR Engineer - XDR-Engineer Exam Practice Test

Latest Update

Useful Links

Contact Us