In Cortex XDR, data is stored in different tiers:hot storage(for recent, frequently accessed data),cold storage(for older, less frequently accessed data), and atemporary hot storage cachefor data retrieved from cold storage during queries. When data is queried from cold storage, it is moved to the temporary hot storage cache to enable faster access for subsequent queries. The question asks how long this data remains in the cache and the maximum duration for re-queries.

Correct Answer Analysis (B):Data retrieved from cold storage is kept in the temporary hot storage cache for24 hours. If the data is re-queried within this period, it remains accessible in the cache. The maximum duration for re-queries is7 days, after which the data may need to be retrieved from cold storage again, incurring additional processing time.

Why not the other options?

A. 1 hour, re-queried to a maximum of 12 hours: These durations are too short and do not align with Cortex XDR’s data retention policies for the hot storage cache.

C. 24 hours, re-queried to a maximum of 14 days: While the initial 24-hour cache duration is correct, the 14-day maximum for re-queries is too long and not supported by Cortex XDR’s documentation.

D. 1 hour, re-queried to a maximum of 24 hours: The 1-hour initial cache duration is incorrect, as Cortex XDR retains queried data for 24 hours.

Exact Extract or Reference:

TheCortex XDR Documentation Portalexplains data storage: “Data queried from cold storage is cached in hot storage for 24 hours, with a maximum re-query period of 7 days” (paraphrased from the Data Management section). TheEDU-262: Cortex XDR Investigation and Responsecourse covers data retention, stating that “queried cold storage data remains in the hot cache for 24 hours, accessible for up to 7 days with re-queries” (paraphrased from course materials). ThePalo Alto Networks Certified XDR Engineer datasheetincludes “maintenance and troubleshooting” as a key exam topic, encompassing data storage management.