Palo Alto Networks System Engineer – Cortex — Question 60

What is a key difference between audit users and full users in Cortex XSOAR?

Answer options

• A. Audit users can only view incidents, while full users can edit system components.
• B. Full users can only view dashboards, while audit users can investigate incidents.
• C. Audit users have read-only permission, white full users have read-write permission.
• D. Audit users can run scripts and playbooks, while full users can only view reports.

Correct answer: C

Explanation

The correct answer is C because audit users are designed to have read-only access, allowing them to view but not modify data, while full users can both read and write, enabling them to make changes. Options A, B, and D incorrectly describe the capabilities of audit and full users, misrepresenting their permissions and roles within Cortex XSOAR.