What is the function of the "MODEL" section when creating a data model rule?
A. To make a list of all the relevant fields to be mapped from the logs to XDM
B. To map log fields to corresponding Cortex XSIAM Data Model (XDM) fields
C. To define the mapping between a single dataset and XDM
D. To finalize rule definition with all XQL statements
Correct answer: B
Explanation: (Visible to Pass4Test members only)
Question 2:
Which incident field uniquely identifies an incident in Cortex XSIAM?
A. incident_id
B. incident_name
C. incident_type
D. incident_owner
Correct answer: A
Explanation: (Visible to Pass4Test members only)
Question 3:
A security engineer is integrating several third-party firewalls and web proxies with Cortex XSIAM by using a Syslog collector. The logs are sent in Common Event Format (CEF) and JSON.
How does the Cortex XSIAM ingestion engine process these structured logs to facilitate efficient querying and analysis?
A. It stores the logs as flat text files and only applies parsing logic at the time a user runs an XQL query.
B. It encrypts the key-value pairs and requires a manual decryption key for each third-party vendor during the parsing phase.
C. It identifies and decouples key-value pairs into a structured table format while retaining the original raw log.
D. It converts all logs into a proprietary binary format and discards the original raw string to save storage space.
Correct answer: C
Explanation: (Visible to Pass4Test members only)
Question 4:
An administrator is reviewing the content pack installation summary in the cart and notices that a content pack labeled as "Required" is being installed, even though it was not a requirement of the main content pack initially selected. The administrator had explicitly selected an optional content pack in the wizard.
What explains the inclusion of this additional required pack?
A. It is an optional dependency that is installed by default for all packs.
B. It is a mandatory dependency of the optional content pack that was selected.
C. It is a core system pack that is automatically updated with every installation.
D. It is a promoted content pack that is automatically added to all carts by the vendor.
Correct answer: B
Explanation: (Visible to Pass4Test members only)
Question 5:
Which two requirements must be met for a Cortex XDR agent to successfully use the Broker VM as a download source for content updates? (Choose two.)
A. Agent Settings profile applied to the XDR agent must specify the Broker VM as a Download Source.
B. Device Configuration profile applied to the XDR agent must specify the Broker VM as a Download Source.
C. XDR agent must authenticate to the Broker VM using a machine certificate.
D. Broker VM must be configured with an FQDN.
Correct answer: A, D
Explanation: (Visible to Pass4Test members only)
Question 6:
An engineer is implementing Scope-Based Access Control (SBAC) alongside Role-Based Access Control (RBAC).
What is the benefit of SBAC in this context?
A. Greater visibility to the environment
B. Simplified access management by consolidating user roles and permissions
C. Dynamic permissions without the use of predefined roles
D. Granular access based on specific tags
Correct answer: D
Explanation: (Visible to Pass4Test members only)
1161 customer comments
Jingu -
I passed XSIAM-Engineer, the exam this study material covers. About 95% of the questions appeared on the exam.
It is truly high-quality study material. Thank you very much.