Palo Alto Networks XSIAM Engineer — Question 14

A Cortex XSIAM engineer is developing a playbook that uses reputation commands such as '!ip' to enrich and analyze indicators.
Which statement applies to the use of reputation commands in this scenario?

Answer options

• A. If no reputation integration instance is configured, the '!ip' command will execute but will return no results.
• B. Reputation commands such as '!ip' will fail if the required reputation integration instance is not configured and enabled.
• C. The mapping flow for enrichment commands is disabled if extraction is set to "None."
• D. Enrichment data will not be saved to the indicator unless the extraction setting is manually configured in the playbook task.

Correct answer: B

Explanation

The correct answer is B because reputation commands require an active and configured reputation integration instance to function properly. If this instance is not set up, the commands will not execute correctly. Options A, C, and D are inaccurate as they misrepresent the functionality and requirements of the reputation commands in Cortex XSIAM.