Exam XSIAM-Engineer Topic 2 Question 5 Discussion

Actual exam question for Palo Alto Networks's XSIAM-Engineer exam
Question #: 5
Topic #: 2
An XSIAM administrator is reviewing the audit logs for user activity and notices suspicious API calls originating from a compromised service account. The API key associated with this service account has 'Security Operations Center - Admin' permissions. The immediate action is to revoke the compromised API key. Which of the following XSIAM commands or API operations would be used to revoke a specific API key, assuming you have the necessary administrative privileges?

Suggested Answer: B,C Vote an answer

Both the XSIAM UI and the XSIAM API provide mechanisms to revoke API keys. Option B describes the direct IJI approach, which is straightforward for administrators. Option C describes the typical REST API approach for deleting a resource, where DELETE requests are used to revoke or remove API keys. Option A is a pseudocode function call that might be part of an SDK, but not a direct API endpoint. Option D is an extreme measure that would disrupt all API integrations and is not the targeted way to revoke a single key. Option E is an unsupported and dangerous method of configuration management.

by Rex at May 14, 2026, 09:53 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10