Palo Alto Networks System Engineer – Cortex — Question 37

When initiated, which Cortex XDR capability allows immediate termination of the process or whole process tree on an anomalous process discovered during investigation of a security event?

Answer options

• A. file explorer
• B. log stitching
• C. live sensors
• D. live terminal

Correct answer: D

Explanation

The correct answer is D, live terminal, as it provides the capability to immediately terminate processes detected as anomalous. Options A, B, and C do not offer this specific functionality; file explorer is for file management, log stitching is for correlating logs, and live sensors are for monitoring events rather than taking direct action.