How can a customer ingest additional events from a Windows DHCP server into Cortex XDR with minimal configuration?
A query is created that will run weekly via API. After it is tested and ready, it is reviewed in the Query Center.
Which available column should be checked to determine how many compute units will be used when the query is run?
Some company employees are able to print documents when working from home, but not on network-attached printers, while others are able to print only to file.
What can be inferred about the affected users’ inability to print?
The most recent Cortex XDR agents are being installed at a newly acquired company. A list with endpoint types (i.e., OS, hardware, software) is provided to the engineer.
What should be cross-referenced for the Linux systems listed regarding the OS types and OS versions supported?
What are two possible actions that can be triggered by a dashboard drilldown? (Choose two.)
Based on the SBAC scenario image below, when the tenant is switched to permissive mode, which endpoint(s) data will be accessible?

An administrator wants to employ reusable rules within custom parsing rules to apply consistent log field extraction across multiple data sources.
Which section of the parsing rule should the administrator use to define these reusable rules in Cortex XDR?
Which method will drop undesired logs and reduce the amount of data being ingested?
A new parsing rule is created, and during testing and verification, all the logs for which field data is to be parsed out are missing. All the other logs from this data source appear as expected.
What may be the cause of this behavior?
What should be configured in Cortex XDR to integrate asset data from Microsoft Azure for better visibility and incident investigation?
A security audit determines that the Windows Cortex XDR host-based firewall is not blocking outbound RDP connections for certain remote workers. The audit report confirms the following:
All devices are running healthy Cortex XDR agents.
A single host-based firewall rule to block all outbound RDP is implemented.
The policy hosting the profile containing the rule applies to all Windows endpoints.
The logic within the firewall rule is adequate.
Further testing concludes RDP is successfully being blocked on all devices tested at company HQ.
Network location configuration in Agent Settings is enabled on all Windows endpoints.
What is the likely reason the RDP connections are not being blocked?
A multinational company with over 300,000 employees has recently deployed Cortex XDR in North America. The solution includes the Identity Threat Detection and Response (ITDR) add-on, and the Cortex team has onboarded the Cloud Identity Engine to the North American tenant. After waiting the required soak period and deploying enough agents to receive identity and threat analytics detections, the team does not see user, group, or computer details for individuals from the European offices.
What may be the reason for the issue?
Which XQL query can be saved as a behavioral indicator of compromise (BIOC) rule, then converted to a custom prevention rule?
Using the Cortex XDR console, how can additional network access be allowed from a set of IP addresses to an isolated endpoint?
When isolating Cortex XDR agent components to troubleshoot for compatibility, which command is used to turn off a component on a Windows machine?
During deployment of Cortex XDR for Linux Agents, the security engineering team is asked to implement memory monitoring for agent health monitoring.
Which agent service should be monitored to fulfill this request?
Based on the image of a validated false positive alert below, which action is recommended for resolution?

What is a benefit of ingesting and forwarding Palo Alto Networks NGFW logs to Cortex XDR?
How long is data kept in the temporary hot storage cache after being queried from cold storage?
What will be the output of the function below?
LTRIM("a aapple*", "*a")
How can a Malware profile be configured to prevent a specific executable from being uploaded to the cloud?
When onboarding a Palo Alto Networks NGFW to Cortex XDR, what must be done to confirm that logs are being ingested successfully after a device is selected and verified?
Which components may be included in a Cortex XDR content update?
What happens when the XDR Collector is uninstalled from an endpoint by using the Cortex XDR console?