
Palo Alto Networks XSIAM-Engineer Exam - Topic 1 Question 1 Discussion

Actual exam question for Palo Alto Networks's XSIAM-Engineer exam
Question #: 1
Topic #: 1

Administrators from Building 3 have been added to Cortex XSIAM to perform limited functions on a subset of endpoints. Custom roles have been created and applied to the administrators to limit their permissions, but their access should also be constrained through the principle of least privilege according to the endpoints they are allowed to manage. All endpoints are part of an endpoint group named "Building3," and some endpoints may also be members of other endpoint groups.

Which technical control will restrict the ability of the administrators to manage endpoints outside of their area of responsibility, while maintaining visibility to Building 3's endpoints?

Suggested Answer: C

To enforce least privilege for Building 3 administrators, SBAC must be enabled in Restrictive Mode and the administrators' scope must be limited to EG:Building3. This ensures they can only manage endpoints within the Building 3 group, even if those endpoints are also part of other groups, while blocking access to endpoints outside their responsibility.


Carry
1 day ago
I think C) is better for strict control.
upvoted 0 times
...
Justine
6 days ago
A) SBAC in Building 3's IP range is the way to go.
upvoted 0 times
...
Pura
12 days ago
Haha, "tight leash" - love it! These admins need to stay in their lane, that's for sure.
upvoted 0 times
...
Angelica
17 days ago
Option C is the clear choice here. Restrictive mode is the way to maintain control and visibility.
upvoted 0 times
...
Ciara
22 days ago
I'd go with C as well. Gotta keep those admins on a tight leash, you know?
upvoted 0 times
...
Jesusita
27 days ago
C) SBAC enabled in Restrictive Mode with the "EG:Building3" tag assigned to each administrator's scope. This ensures the administrators can only manage endpoints within the "Building3" group.
upvoted 0 times
...
Yuette
1 month ago
If I recall correctly, using SBAC in Restrictive Mode should definitely help enforce the least privilege principle for those admins.
upvoted 0 times
...
Tonette
1 month ago
I’m a bit confused about the IP range aspect. Does that really affect how the tags work for admin scopes?
upvoted 0 times
...
Mozell
1 month ago
I think we practiced a similar question where we had to apply tags to limit admin access. I feel like Restrictive Mode might be the right choice here.
upvoted 0 times
...
Lucy
2 months ago
I'm leaning towards C as well. The question specifically says the admins' access should be constrained, so Restrictive Mode seems like the appropriate technical control to use.
upvoted 0 times
...
Cheryl
2 months ago
Option D seems a bit too broad to me. Enabling SBAC globally with the tag might give the admins more visibility than they need. I think the more targeted approach in C is the better choice here.
upvoted 0 times
...
Ruby
2 months ago
I'm pretty confident that C is the correct answer. Restrictive Mode is the best way to enforce the principle of least privilege for these admins. The other options don't seem to provide the same level of control and restriction.
upvoted 0 times
...
Mira
2 months ago
I think option C is the best choice. Restrictive mode is key for limiting access.
upvoted 0 times
...
King
2 months ago
I remember studying about SBAC, but I'm not entirely sure how the modes differ in terms of restricting access.
upvoted 0 times
...
Alberta
3 months ago
Option A could work too, but I prefer C for tighter control.
upvoted 0 times
...
Jeannine
3 months ago
Restrictive mode is the way to go. Can't have these admins snooping around where they don't belong!
upvoted 0 times
...
Janet
3 months ago
Hmm, I'm a bit confused. Wouldn't option B, SBAC in Permissive Mode, also work? That way the admins can still see all the endpoints but their actions would be limited to just the Building 3 group.
upvoted 0 times
...
Viva
3 months ago
I think option C is the way to go here. SBAC in Restrictive Mode will ensure the admins can only access the endpoints they're supposed to, while still giving them visibility into the Building 3 group.
upvoted 0 times
Rodrigo
2 months ago
I agree, option C seems the most secure.
upvoted 0 times
...
...
