Exam XSIAM-Engineer Topic 3 Question 30 Discussion
Actual exam question for Palo Alto Networks' XSIAM-Engineer exam
Question #: 30
Topic #: 3
An XSIAM engineer needs to create a new correlation rule that detects 'Suspicious Access to Sensitive Data by a User from a Previously Unseen IP Address'. This rule must consider that 'sensitive data' can be defined by various file paths, SharePoint sites, or database names. Additionally, the 'previously unseen IP address' needs to be determined dynamically for each user over a trailing 30-day period. Which XSIAM correlation rule features are essential to implement this detection with high fidelity?
Suggested Answer: B
Option B is the most effective approach. 'Contextual Lookups' allow for flexible and dynamic definition of 'sensitive data' without hardcoding it into the rule. XSIAM's 'Behavioral Baselines' or 'Analytics Profiles' are designed precisely for tracking normal user behavior, including login IP addresses, and detecting deviations, which is crucial for identifying 'previously unseen IP addresses' dynamically. This combination provides high fidelity for the described scenario. Option A is static and won't adapt. Option C is unscalable. Options D and E are detrimental to security.
by Marico at Jun 25, 2026, 03:28 PM
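To make the two features in the explanation concrete, here is an added illustration that is not part of the original discussion and not XSIAM's own rule syntax: a plain Python model of the detection logic. The lookup table SENSITIVE_ASSETS stands in for the contextual lookup of file paths, SharePoint sites and database names; the per-user dictionary of last-seen source IPs, pruned to a trailing 30-day window, stands in for the behavioral baseline; every event (sensitive or not) feeds the baseline, but only sensitive access from an IP absent from the user's window raises an alert. The seven-day learning period that suppresses alerts for a brand-new user is an assumption added here to handle the cold-start case, and all events, users and addresses are constructed sample data.

```python
from datetime import datetime, timedelta

BASELINE_WINDOW = timedelta(days=30)   # trailing window that defines "previously seen"
LEARNING_PERIOD = timedelta(days=7)    # assumption: no alerts until a user has this much history

# Constructed stand-in for a contextual lookup: sensitive assets by type.
SENSITIVE_ASSETS = {
    "file_path": {"/finance/payroll/", "/hr/records/"},   # matched by prefix
    "sharepoint_site": {"sites/ExecBoard"},               # matched exactly
    "database": {"crm_prod", "payroll_db"},               # matched exactly
}


def is_sensitive(event):
    """True if the event touches any asset listed in the lookup table."""
    for field, values in SENSITIVE_ASSETS.items():
        value = event.get(field)
        if value is None:
            continue
        if field == "file_path":
            if any(value.startswith(prefix) for prefix in values):
                return True
        elif value in values:
            return True
    return False


def detect(events, window=BASELINE_WINDOW, learning_period=LEARNING_PERIOD):
    """Return alerts for sensitive access from a source IP the user has not used
    within the trailing window. Events are processed in time order so the
    baseline at each step only reflects the past."""
    history = {}      # user -> {src_ip: last_seen}
    first_seen = {}   # user -> timestamp of the user's first event
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        user, ip, ts = ev["user"], ev["src_ip"], ev["ts"]
        first_seen.setdefault(user, ts)
        seen = history.setdefault(user, {})
        # Drop IPs that fall outside the trailing window for this user.
        for old_ip in [i for i, last in seen.items() if ts - last > window]:
            del seen[old_ip]
        unseen = ip not in seen
        enough_history = ts - first_seen[user] >= learning_period
        if unseen and enough_history and is_sensitive(ev):
            alerts.append({"ts": ts, "user": user, "src_ip": ip,
                           "asset": {k: v for k, v in ev.items()
                                     if k in SENSITIVE_ASSETS}})
        # Every event, sensitive or not, updates the user's baseline.
        seen[ip] = ts
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"ts": datetime(2024, 1, 1), "user": "alice", "src_ip": "10.0.0.5",
     "file_path": "/finance/payroll/q4.xlsx"},          # first event: learning period
    {"ts": datetime(2024, 1, 10), "user": "alice", "src_ip": "10.0.0.5",
     "file_path": "/hr/records/review.docx"},           # known IP: no alert
    {"ts": datetime(2024, 1, 20), "user": "alice", "src_ip": "198.51.100.7",
     "file_path": "/public/readme.txt"},                # new IP but not sensitive
    {"ts": datetime(2024, 1, 25), "user": "alice", "src_ip": "198.51.100.7",
     "file_path": "/finance/payroll/q1.xlsx"},          # IP now in baseline: no alert
    {"ts": datetime(2024, 2, 1), "user": "bob", "src_ip": "203.0.113.9",
     "sharepoint_site": "sites/ExecBoard"},             # bob's first event: learning period
    {"ts": datetime(2024, 2, 20), "user": "bob", "src_ip": "203.0.113.10",
     "sharepoint_site": "sites/ExecBoard"},             # unseen IP, sensitive: alert
    {"ts": datetime(2024, 3, 15), "user": "alice", "src_ip": "10.0.0.5",
     "database": "payroll_db"},                         # 10.0.0.5 aged out of window: alert
]

if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a["ts"].date(), a["user"], a["src_ip"], a["asset"])
```

The point the sample data makes is that the baseline must be per user and time-bounded: alice's 10.0.0.5 was normal in January but has aged out by mid-March, so the same address correctly alerts then, while bob's new address is caught only once he has enough history to compare against. A static allow-list (the equivalent of option A in the explanation) would miss the first case and, for bob, could not exist at all.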