Palo Alto Networks XSIAM-Engineer Actual Free Exam Questions & Community Discussion

Which types of content may be included in a Marketplace content pack?

A CISO has asked an engineer to create a custom dashboard in Cortex XSIAM that can be filtered to show incidents assigned to a specific user.
Which feature should be used to filter the incident data in the dashboard?

When a Cortex XSIAM playbook execution reaches a breakpoint on a non-manual task, which two actions will allow the playbook to continue? (Choose two.)

An engineer needs to migrate Cortex XDR agents without internet connection from Cortex XSIAM tenant A to Cortex XSIAM tenant B.
There is a broker configured for each tenant. This is the communication flow:
- XDR agents <-> Broker A <-> XSIAM tenant A
- XDR agents <-> Broker B <-> XSIAM tenant B
Which two steps should be taken before moving the agents? (Choose two.)

Administrators from Building 3 have been added to Cortex XSIAM to perform limited functions on a subset of endpoints. Custom roles have been created and applied to the administrators to limit their permissions, but their access should also be constrained through the principle of least privilege according to the endpoints they are allowed to manage. All endpoints are part of an endpoint group named "Building3," and some endpoints may also be members of other endpoint groups.
Which technical control will restrict the ability of the administrators to manage endpoints outside of their area of responsibility, while maintaining visibility to Building 3's endpoints?

Which two requirements must be met for a Cortex XDR agent to successfully use the Broker VM as a download source for content updates? (Choose two.)

When a newly installed agent is not reporting telemetry to Cortex XSIAM, which two steps should you check first? (Choose two)