Exam SecOps-Pro Topic 1 Question 12 Discussion
Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 12
Topic #: 1
Question #: 12
Topic #: 1
A SOC analyst is investigating a surge in failed login attempts against cloud identities managed by Azure AD, detected by Cortex XSIAM. The analyst needs to quickly block the source IP addresses of these attempts and initiate a password reset for the affected user accounts. Furthermore, they want to log all these actions in an external compliance logging system that accepts syslog messages. Which of the following XSIAM configurations and features are MOST critical to achieve this comprehensive, automated response?
Suggested Answer: B Vote an answer
Option B outlines the most effective and automated approach. An 'Automation Rule' is key to triggering the response based on the detected surge in failed logins. The 'Playbook' then orchestrates the multi-step remediation: directly interacting with Azure AD for password resets (using a pre-built or custom integration), leveraging NGFW integration for IP blocking, and utilizing a 'Custom Integration' or 'Generic Webhook' to send the required syslog data to the compliance system. This ensures immediate, automated response and proper logging.
by Miles at Jul 15, 2026, 09:00 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).