Palo Alto Networks XSOAR Engineer — Question 9

Two feed integrations with the same source reliability (B - Usually reliable) fetch the same indicator with the following verdicts:

Integration A - Malicious -

Integration B - Benign -
Indicator data from Integration B was fetched after Integration A.
What will be the values of the fields associated with the indicator?

Answer options

• A. Verdict: Malicious - Other Fields: Values from Integration A
• B. Verdict: Malicious - Other Fields: Values from Integration B
• C. Verdict: Benign - Other Fields: Values from Integration A
• D. Verdict: Benign - Other Fields: Values from Integration B

Correct answer: D

Explanation

The correct answer is D because the most recent data from Integration B, which is benign, takes precedence over the earlier malicious verdict from Integration A. The other options incorrectly state that the verdict remains malicious or that the fields should take values from the earlier integration, which is not the case when more reliable information is available.