Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

XSIAM-ANALYST by Palo Alto Networks - Page 1 | ExamCademy

Mode Selection

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 2 • Questions 1-25 of 50

1 2

→

Know a question that should be here? Contribute to this exam

A Cortex XSIAM analyst is investigating a security incident involving a workstation after having deployed a Cortex XDR agent for 45 days. The incident details include the Cortex XDR Analytics Alert "Uncommon remote scheduled task creation."
Which response will mitigate the threat?

A Revoke user access and conduct a user audit.
B Allow list the processes to reduce alert noise.
C Initiate the endpoint isolate action to contain the threat.
D Prioritize blocking the source IP address to prevent further login attempts.

A Cortex XSIAM analyst is reading a blog that references an unfamiliar critical zero-day vulnerability. This vulnerability has been weaponized, and there is evidence that it is being exploited by threat actors targeting a customer's industry.
Where can the analyst go within Cortex XSIAM to learn more about this vulnerability and any potential impacts on the customer environment?

A Threat Intel Management --> Sample Analysis
B Attack Surface --> Threat Response Center
C Attack Surface --> Attack Surface Rules
D Threat Intel Management --> Indicator

Which pane in the User Risk View will identify the country from which a user regularly logs in, based on the past few weeks of data?

A Login Attempts
B ACTUAL ACTIVITY
C Latest Authentication Attempts
D Common Locations

Which interval is the duration of time before an analytics detector can raise an alert?

A Activation period
B Deduplication period
C Training period
D Test period

Which attributes can be used as featured fields?

A Device-ID, URL, port, and indicator
B CIDR range, file hash, tags, and log source
C Endpoint-ID, alert source, critical asset, and threat name
D Hostnames, user names, IP addresses, and Active Directory

Which dataset should an analyst search when looking for Palo Alto Networks NGFW logs?

A dataset = pan_dss_raw
B dataset = ngfw_threat_panw_raw
C dataset = panw_ngfw_traffic_raw
D dataset = ngfw*

Which two actions will allow a security analyst to review updated commands from the core pack and interpret the results without altering the incident audit? (Choose two.)

A Create a playbook with the commands and run it from within the War Room.
B Run the core commands directly by typing them into the playground CLI.
C Run the core commands directly from the Command and Scripts menu inside playground.
D Run the core commands directly from the playground and invite other collaborators.

How can a SOC analyst highlight alerts generated on C-level executive hosts?

A Add the C-level executive users to the Executive Accounts asset role.
B Add a tag to the C-level executive users.
C Create a Featured Alert field for the C-level hosts.
D Create a dynamic group for the C-level hosts.

An analyst conducting a threat hunt needs to collect multiple files from various endpoints. The analyst begins the file retrieval process by using the Action Center, but upon review of the retrieved files, notices that the list is incomplete and missing files, including kernel files.
What could be the reason for this issue?

A The file retrieval policy applied to the endpoints may restrict access to certain system or kernel files.
B The retrieval process is limited to 500 MB in total file size.
C The endpoint agents were in offline mode during the file retrieval process, causing some files to be skipped.
D The analyst must manually retrieve kernel files by accessing the machine directly.

What information is provided in the timeline view of Cortex XSIAM?

A Graphic representation of an event Causality Instance (CI) with additional capabilities to enable further analysis
B Sequence of events, alerts, rules, and other actions involved over the lifespan of an incident
C Tab within an incident where analysts can collaborate and initiate further actions and automations
D Detailed overview of behavior or activity that triggered an Analytics Alert, Analytics BIOC alert, or correlation rule