Palo Alto Networks Security Operations Professional — Question 7
Which response action in Cortex XSIAM would be unavailable to a SOC analyst investigating an incident involving a Linux server?
Answer options
- A. File search and destroy
- B. Live Terminal session initiation
- C. Running a script
- D. Halting network access
Correct answer: A
Explanation
The correct answer is A: the 'File search and destroy' action is typically not applicable to Linux servers within Cortex XSIAM. Options B, C, and D are valid response actions that can be executed in a Linux environment, allowing the analyst to interact with the server effectively.