XDR Engineer Online Practice Questions

Latest XDR Engineer Exam Practice Questions

The practice questions for the XDR Engineer exam were last updated on 2026-01-14.

Question#1

A new parsing rule is created, and during testing and verification, all the logs for which field data is to be parsed out are missing. All the other logs from this data source appear as expected.
What may be the cause of this behavior?

A. The Broker VM is offline
B. The parsing rule corrupted the database
C. The filter stage is dropping the logs
D. The XDR Collector is dropping the logs

Question#2

Based on the image of a validated false positive alert below, which action is recommended for resolution?


A. Create an alert exclusion for OUTLOOK.EXE
B. Disable an action to the CGO Process DWWIN.EXE
C. Create an exception for the CGO DWWIN.EXE for ROP Mitigation Module
D. Create an exception for OUTLOOK.EXE for ROP Mitigation Module

Question#3

A cloud administrator reports high network bandwidth costs attributed to Cortex XDR operations and asks for bandwidth usage to be optimized without compromising agent functionality.
Which two techniques should the engineer implement? (Choose two.)

A. Configure P2P download sources for agent upgrades and content updates
B. Enable minor content version updates
C. Enable agent content management bandwidth control
D. Deploy a Broker VM and activate the local agent settings applet

Question#4

Which components may be included in a Cortex XDR content update?

A. Device control profiles, agent versions, and kernel support
B. Behavioral Threat Protection (BTP) rules and local analysis logic
C. Antivirus definitions and agent versions
D. Firewall rules and antivirus definitions

Question#5

What happens when the XDR Collector is uninstalled from an endpoint by using the Cortex XDR console?

A. The files are removed immediately, and the machine is deleted from the system without any retention period
B. The machine status remains active until manually removed, and the configuration data is retained for up to seven days
C. It is uninstalled during the next heartbeat communication, machine status changes to Uninstalled, and the configuration data is retained for 90 days
D. The associated configuration data is removed from the Action Center immediately after uninstallation

Disclaimer

This page is for educational and exam preparation reference only. It is not affiliated with Palo Alto Networks, Security Operations, or the official exam provider. Candidates should refer to official documentation and training for authoritative information.

Exam Code: XDR Engineer. Q&A: 50 Q&As. Updated: 2026-01-14