Page: 1 / 10
Total 50 questions | Updated On: Jan 06, 2026
An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)
Based on the Malware profile image below, what happens when a new custom-developed application attempts to execute on an endpoint?
Which action is being taken with the query below?
dataset = xdr_data
| fields agent_hostname, _time, _product
| comp latest as latest_time by agent_hostname, _product
| join type=inner (dataset = endpoints
| fields endpoint_name, endpoint_status, endpoint_type) as lookup lookup.endpoint_name = agent_hostname
| filter endpoint_status = ENUM.CONNECTED
| fields agent_hostname, endpoint_status, latest_time, _product
Which two steps should be considered when configuring the Cortex XDR agent for a sensitive and highly regulated environment? (Choose two.)
Which method will drop undesired logs and reduce the amount of data being ingested?
Quickly grab our XDR-Engineer product now and kickstart your exam preparation today!
| Name: | Palo Alto Networks XDR Engineer |
| Exam Code: | XDR-Engineer |
| Certification: | Security Operations |
| Vendor: | Palo Alto Networks |
| Total Questions: | 50 |
| Last Updated: | Jan 06, 2026 |
© Copyright https://certsexpert.com 2015- 2026, All Rights Are Reserved.
