Palo Alto Networks System Engineer – Cortex — Question 15

Which two areas of Cortex XDR are used for threat hunting activities? (Choose two.)

Answer options

Correct answer: B, D

Explanation

B and D are correct: the Query Builder lets users search for specific threat patterns, and the Host Insights module provides detailed information about endpoints, which makes both essential for threat hunting. Options A and C are not primarily designed for threat hunting: IOC rules are more about detection, and Live Terminal is for command execution rather than threat analysis.