Palo Alto Networks Exam XDR-Engineer Topic 3 Question 3 Discussion

Actual exam question for Palo Alto Networks's XDR-Engineer exam

Question #: 3
Topic #: 3

[Detection Engineering]

A Custom Prevention rule that was determined to be a false positive alert needs to be tuned. The behavior was determined to be authorized and expected on the affected endpoint. Based on the image below, which two steps could be taken? (Choose two.)

[Image description: A Custom Prevention rule configuration, assumed to trigger a Behavioral Indicator of Compromise (BIOC) alert for authorized behavior]

AApply an alert exception

BApply an alert exclusion to the XDR behavioral indicator of compromise (BIOC) alert

CApply an alert exclusion to the XDR agent alert

DModify the behavioral indicator of compromise (BIOC) logic

Show Suggested Answer

Suggested Answer: A, B

by Wilburn at Jun 12, 2025, 10:28 PM

Limited Time Offer

25%

Off

Get Premium XDR-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!