Palo Alto Networks XSIAM Analyst — Question 8
In addition to defining the Rule Name and Severity Level, which step or set of steps accurately reflects how an analyst should configure an indicator prevention rule before reviewing and saving it?
Answer options
- A. Filter and select file, IP address, and domain indicators.
- B. Filter and select indicators of any type.
- C. Select profiles for prevention. Filter and select one or more file, IP address, and domain indicators.
- D. Select profiles for prevention. Filter and select one or more SHA256 and MD5 indicators.
Correct answer: C
Explanation
C is correct because it specifies the need to select profiles for prevention and to filter for specific types of indicators, which is essential for proper configuration. Options A and B do not include the selection of profiles, which is necessary for a comprehensive setup. Option D incorrectly focuses only on SHA256 and MD5 indicators, omitting file and IP address indicators.