
Paloalto Networks Security Operations XSIAM-Analyst Question # 7 Topic 1 Discussion

An analyst is responding to a critical incident involving a potential ransomware attack. The analyst immediately initiates full isolation on the compromised endpoint using Cortex XSIAM to prevent the malware from spreading across the network. However, the analyst now needs to collect additional forensic evidence from the isolated machine, including memory dumps and disk images, without reconnecting it to the network. Which action will allow the analyst to collect the required forensic evidence while ensuring the endpoint remains fully isolated?


A. Using the endpoint isolation feature to create a secure tunnel for evidence collection

B. Collecting the evidence manually through the agent by accessing the machine directly and running "Generate Support File"

C. Using the management console to remotely run a predefined forensic playbook on the associated alert

D. Disabling full isolation temporarily to allow forensic tools to communicate with the endpoint

