Palo Alto Networks XSIAM Analyst — Question 6

Which Cytool command will re-enable protection on an endpoint that has Cortex XDR agent protection paused?

Answer options

• A. cytool security enable
• B. cytool service start
• C. cytool runtime start
• D. cytool protect enable

Correct answer: C

Explanation

The correct answer is C, 'cytool runtime start', which specifically starts the runtime protection for the Cortex XDR agent. Option A, 'cytool security enable', is too general and does not directly address the issue of resuming protection. Option B, 'cytool service start', is related to starting services but does not pertain to the protection feature. Option D, 'cytool protect enable', is not a valid command for this specific action.