Palo Alto Networks System Engineer – Cortex — Question 30
What are two reasons incident investigation is needed in Cortex XDR? (Choose two.)
Answer options
- A. No solution will stop every attack, requiring further investigation of activity.
- B. Insider Threats may not be blocked and initial activity may go undetected.
- C. Analysts need to acquire forensic artifacts of malware that has been blocked by the XDR agent.
- D. Detailed reports are needed for senior management to justify the cost of XDR.
Correct answer: B, C
Explanation
The correct answers, B and C, highlight the importance of identifying insider threats that may go undetected and the need to collect forensic artifacts of malware that the XDR agent has blocked. Options A and D, while relevant, do not directly address why incident investigation is needed with respect to undetected activity and the collection of evidence.