Question 16

A vulnerability analyst asks a Cortex XSIAM engineer to identify assets vulnerable to newly reported zero- day CVE affecting the "ai_app" application and versions 12.1, 12.2, 12.4, and 12.5.
Which XQL query will provide the required result?
  • Question 17

    A large-scale XSIAM deployment is experiencing significant delays (hours) in log visibility from geographically dispersed Palo Alto Networks NGFWs, despite network connectivity being verified and NGFWs showing active log forwarding. The and metrics on the XSIAM Collectors indicate high activity, but is significantly lower. This suggests a bottleneck. Which of the following is the most effective immediate action to identify the specific bottleneck within the XSIAM data ingestion pipeline?
  • Question 18

    An organization is enhancing its XSIAM content for detecting sophisticated phishing attacks that bypass email gateways and lead to credential theft. These attacks often involve users clicking on malicious URLs, followed by suspicious browser activity and potential network connections to phishing sites. Which combination of XSIAM XDR data sources and detection logic (BIOCs and IOCs) would provide the most comprehensive and high-fidelity detection for this scenario? (Select all that apply)
  • Question 19

    A CISO has asked an engineer to create a custom dashboard in Cortex XSIAM that can be filtered to show incidents assigned to a specific user.
    Which feature should be used to filter the incident data in the dashboard?
  • Question 20

    A cybersecurity firm specializing in managed security services (MSSP) plans to offer XSIAM as a service to its diverse clientele. This requires a multi-tenant XSIAM deployment. The MSSP needs to ensure strict data segregation, performance isolation for each tenant, and efficient resource utilization across tenants. From a hardware perspective, what are the primary considerations to achieve these objectives, and what is a potential pitfall?