Exam XSIAM-Engineer Topic 1 Question 55 Discussion

Actual exam question for Palo Alto Networks's XSIAM-Engineer exam
Question #: 55
Topic #: 1
A security architect is designing a highly segmented network where critical servers have very limited outbound internet access, only to specific, whitelisted IP addresses/FQDNs for security updates and essential services. When planning the Cortex XSIAM agent deployment for these servers, what is the most robust and secure method to allow agent communication and updates, minimizing the attack surface?

Suggested Answer: B Vote an answer

Option B represents the most robust and secure method for highly segmented environments. The Cortex XSIAM Broker is specifically designed for such scenarios. It acts as a secure intermediary for agents, allowing critical servers to communicate only with the Broker (which sits in a less restricted zone, like a DMZ), rather than directly with the XSIAM cloud. The Broker then securely relays data to the cloud. This significantly minimizes the attack surface by reducing the number of external FQDNs/lPs that critical servers need to reach. Option A is incorrect as agents require access to multiple XSIAM FQDNs for different services (telemetry, content, updates, etc.). Option C uses a generic HTTP proxy, which may not be as optimized or secure as a dedicated XSIAM Broker. Option D is too manual for dynamic threats and updates. Option E involves whitelisting a very broad range of IPs, which goes against the principle of 'minimal outbound access' and increases the attack surface significantly, especially as cloud IPs can change.

by Lance at Sep 24, 2025, 08:45 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10