Free Palo Alto Networks XSIAM Engineer Exam XSIAM-Engineer Exam Practice Test

In which two locations can correlation rules be monitored for errors? (Choose two.)

• XDR Collector audit logs (type = Rules, subtype = Error)
• correlations_auditing dataset through XQL
• Management audit logs (type = Rules, subtype = Error)
• Alerts table as a health alert

While using the remote repository on a Development XSIAM tenant, which two objects can be pushed or pulled to the remote repository? (Choose two.)

• Scripts
• Parsing rules
• iLists
• Layouts

An application which ingests custom application logs is hosted in an on-premises virtual environment on an Ubuntu server, and it logs locally to a .csv file.Which set of actions will allow the ingestion of the .csv logs into Cortex XSIAM directly from the server?An application which ingests custom application logs is hosted in an on-premises virtual environment on an Ubuntu server, and it logs locally to a .csv file.Which set of actions will allow the ingestion of the .csv logs into Cortex XSIAM directly from the server?

• Install a Cortex XDR agent on the Ubuntu server, and configure the agent to collect the files of interest.
• Install a Broker VM in the environment, and migrate the application to the Broker VM.
• Install XDR Collector on the Ubuntu server, and configure the agent to collect the files of interest.

During a new Cortex XSIAM deployment, a user consistently experiences timeout sessions while trying to connect to the agent through Live Terminal, even though the firewall engineer has confirmed that all source IP addresses, port 443, and destinations are allowed.What could be causing these persistent timeout issues?

• User does not have administrative privileges on the managed endpoint.
• SSL Decryption is currently being used to inspect the underlying traffic.
• NTP is not synchronized with the server time.
• Live Terminal feature is not supported on the current OS.

How can a Cortex XSIAM engineer resolve the issue when a SOC analyst escalates missing details after merging two similar incidents?

• Examine the incident context of the source incident.
• Unmerge the incidents and copy the missing details into the incident notes.
• Check the child incident of the destination incident.

What is a key characteristic of a parsing rule in Cortex XSIAM?

• It is bound to all vendors and products, performs data parsing once per log, and does not allow grouping.
• It is bound to a specific vendor and product, performs data parsing once per log, and does not allow grouping.
• It is bound to a specific vendor and product which allow grouping with a no-match policy, and retains all fields.

Which action will prevent the automatic extraction of indicators such as IP addresses and URLs from a script's output?

• Add 'IgnoreAutoExtract': True to the script.
• Use 'AutoExtract': False in the script.
• Set 'IndicatorExtraction': None in the script.

What is the reason all Broker VM options are greyed out when a user attempts to select a Broker VM as a download source in the Agent Settings profile?

• NTP is not synchronized properly on the Broker VM.
• Local Agent Setting applet is currently activated without SSL certificate.
• Local Agent Setting applet is currently activated without FQDN.

A Cortex XSIAM engineer at a SOC downgrades a critical threat intelligence content pack from the Cortex Marketplace while performing routine maintenance. As a result, the SOC team loses access to the latest threat intelligence data.Which action will restore the functionality of the content pack to its previously installed version?

• Back up the current configuration and data, then revert to the previously installed version.
• Remove all integrations and playbooks associated with the content pack, then revert to the previously installed version.
• Directly reinstall the previously installed version over the current one.

Which type of parsing error is categorized in the dataset "parsing_rules_errors"?

• Unrecognized code
• Invalid syntax
• Data mismatch