Which type of IOC can you define in Cortex XDR?
Cortex XDR allows you to define IOC rules based on various types of indicators of compromise (IOC) that you can use to detect and respond to threats in your network. One of the types of IOC that you can define in Cortex XDR is destination IP address, which is the IP address of the remote host that a local endpoint is communicating with. You can use this type of IOC to identify malicious network activity, such as connections to command and control servers, phishing sites, or malware distribution hosts. You can also specify the direction of the network traffic (inbound or outbound) and the protocol (TCP or UDP) for the destination IP address IOC.
Reference:
Cortex XDR documentation portal
Is there a possibility to create an IOC list to employ it in a query?
Cortex XDR Datasheet