Palo Alto Networks XSIAM Engineer — Question 48
Before initiating a malware scan action on a Linux workstation, an engineer notices that the Cortex XDR agent's operational status on the workstation is reporting as "partially protected." There have been no configuration changes made from the Cortex XSIAM server.
What are two explanations for this operational status? (Choose two.)
Answer options
- A. The Linux endpoint is currently running kernel version 4.0.
- B. The Linux endpoint's kernel modules failed to load due to unsupported kernel versions.
- C. The agent is outdated and requires an upgrade to the latest version to regain full protection.
- D. The agent was manually disabled on the endpoint by the user or an administrator.
Correct answer: B, C
Explanation
Option B is correct because if the kernel modules do not load due to an unsupported kernel version, the agent cannot function fully, leading to a "partially protected" status. Option C is also correct since an outdated agent may lack necessary updates to provide full protection. Options A and D are incorrect, as they do not directly relate to the agent's operational status being "partially protected."