Palo Alto Networks XDR Engineer (XDR-Engineer) Free Practice Test

Question 1

Which step is required to configure a proxy for an XDR Collector?

A. Restart the XDR Collector after configuring the proxy settings

B. Configure the proxy settings on the Cortex XDR tenant

C. Edit the YAML configuration file with the new proxy information

D. Connect the XDR Collector to the Pathfinder

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

A query is created that will run weekly via API. After it is tested and ready, it is reviewed in the Query Center. Which available column should be checked to determine how many compute units will be used when the query is run?

A. Simulated Compute Units

B. Query Status

C. Compute Unit Quota

D. Compute Unit Usage

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

How can a customer ingest additional events from a Windows DHCP server into Cortex XDR with minimal configuration?

A. Install the Cortex XDR agent

B. Install the XDR Collector

C. Enable HTTP collector integration

D. Activate Windows Event Collector (WEC)

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

A multinational company with over 300,000 employees has recently deployed Cortex XDR in North America.
The solution includes the Identity Threat Detection and Response (ITDR) add-on, and the Cortex team has onboarded the Cloud Identity Engine to the North American tenant. After waiting the required soak period and deploying enough agents to receive Identity and threat analytics detections, the team does not see user, group, or computer details for individuals from the European offices. What may be the reason for the issue?

A. The Cloud Identity Engine plug-in has not been installed and configured

B. The ITDR add-on is not compatible with the Cloud Identity Engine

C. The XDR tenant is not in the same region as the Cloud Identity Engine

D. The Cloud Identity Engine needs to be activated in all global regions

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

An XDR engineer is configuring an automation playbook to respond to high-severity malware alerts by automatically isolating the affected endpoint and notifying the security team via email. The playbook should only trigger for alerts generated by the Cortex XDR analytics engine, not custom BIOCs. Which two conditions should the engineer include in the playbook trigger to meet these requirements? (Choose two.)

A. Alert severity is High

B. Alert source is Cortex XDR Analytics

C. Alert status is New

D. Alert category is Malware

Correct Answer: A,D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

What happens when the XDR Collector is uninstalled from an endpoint by using the Cortex XDR console?

A. The associated configuration data is removed from the Action Center immediately after uninstallation

B. It is uninstalled during the next heartbeat communication, machine status changes to Uninstalled, and the configuration data is retained for 90 days

C. The machine status remains active until manually removed, and the configuration data is retained for up to seven days

D. The files are removed immediately, and the machine is deleted from the system without any retention period

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Palo Alto Networks XDR Engineer (XDR-Engineer) Free Practice Test