New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. Paloalto Networks
  4. Security Operations
  5. XSIAM-Analyst Discussions
  6. XSIAM-Analyst Exam Topic 1 Question 9 Discussion

Paloalto Networks Palo Alto Networks XSIAM Analyst XSIAM-Analyst Question # 9 Topic 1 Discussion

 Paloalto Networks Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

Paloalto Networks Palo Alto Networks XSIAM Analyst XSIAM-Analyst Question # 9 Topic 1 Discussion

XSIAM-Analyst Exam Topic 1 Question 9 Discussion:
Question #: 9
Topic #: 1

A threat hunter discovers a true negative event from a zero-day exploit that is using privilege escalation to launch "Malware pdf.exe". Which XQL query will always show the correct user context used to launch "Malware pdf.exe"?
A.

config case_sensitive = false | dataset = xdr_data | filter event_type = ENUM.PROCESS | filter action_process_image_name = "Malware.pdf.exe" | fields causality_actor_effective_username

B.

config case_sensitive = false | dataset = xdr_data | filter event_type = ENUM.PROCESS | filter action_process_image_name = "Malware.pdf.exe" | fields actor_process_username

C.

config case_sensitive = false | datamodel dataset = xdrdata | filter xdm.source.process.name = "Malware.pdf.exe" | fields xdm.target.user.username

D.

config case_sensitive = false | dataset = xdr_data | filter event_type = ENUM.PROCESS | filter action_process_image_name = "Malware.pdf.exe" | fields action_process_username

Get Premium XSIAM-Analyst Questions
Actual exam question for Paloalto Networks XSIAM-Analyst exam by Kai8550 at Nov 8, 2025, 10:38:45 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next