Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA) — Question 54

What is the difference between presets and datasets in XQL?

Answer options

• A. A dataset is a Cortex data lake data source only; presets are built-in data source.
• B. A dataset is a database; presets is a field.
• C. A dataset is a built-in or third party source; presets group XDR data fields.
• D. A dataset is a third-party data source; presets are built-in data source.

Correct answer: C

Explanation

The correct answer, C, accurately describes datasets as originating from either built-in or third-party sources, while presets serve to organize XDR data fields. Options A and D incorrectly limit datasets to specific types of sources, and option B incorrectly defines a dataset as just a database and oversimplifies presets.