Palo Alto Networks XSIAM Engineer — Question 25

A systems engineer overseeing the integration of data from various sources through data pipelines into Cortex XSIAM notices modifications occurring during the ingestion process, and these modifications reduce the accuracy of threat detection and response. The engineer needs to assess the risks associated with the pre-ingestion data modifications and develop effective solutions for data integrity and system efficacy.
Which set of steps must be followed to meet these goals?

Answer options

• A. Develop an advanced monitoring system to track and log all changes made to data during ingestion, and use analytics to compare pre- and post-ingestion states based on XDM to identify and mitigate discrepancies.
• B. Design a hybrid approach for critical data fields to be safeguarded against modifications during ingestion, while less critical data fields undergo allowable modifications that are rectified post-ingestion by using XDM to balance performance with data integrity.
• C. Implement a pre-ingestion data validation process that aligns with the post-ingestion standards set by XDM, ensuring data consistency and integrity before it enters Cortex XSIAM.
• D. Establish a process to minimize data modifications during ingestion, prioritizing raw data capture and using XDM post-ingestion for necessary transformations and integrity checks.

Correct answer: D

Explanation

The correct answer is D because it emphasizes minimizing data modifications during ingestion, which is crucial for maintaining the integrity of the raw data and ensuring accurate threat detection. The other options, while valid in their approaches, either allow for modifications that could lead to inaccuracies (A, B) or focus on post-ingestion processes (C) rather than addressing the integrity of the data before it enters the system.