Exam SecOps-Pro Topic 1 Question 17 Discussion
Actual exam question for Palo Alto Networks's SecOps-Pro exam
Question #: 17
Topic #: 1
Question #: 17
Topic #: 1
A Security Operations Center (SOC) is deploying Cortex XDR agents to 500 Windows endpoints, 150 macOS endpoints, and 50 Linux servers. The deployment strategy for the Windows endpoints involves Group Policy Objects (GPOs), while macOS and Linux endpoints will utilize a centralized MDM solution and Ansible, respectively. The SOC team wants to ensure that all agents report to a specific XDR tenant and are automatically assigned to a 'Production' endpoint group. What is the most efficient and robust method to achieve this tenant assignment and group categorization during initial agent deployment across all operating systems?
Suggested Answer: B Vote an answer
The most efficient and robust method for initial deployment is to embed the tenant FQDN and endpoint group directly into the agent installation parameters. Cortex XDR agents support command-line arguments (e.g., for Windows MSI via GPO or SCCM) or package parameters (e.g., for macOS .pkg via MDM, or Linux .deb/.rpm via Ansible) that specify the tenant and group. This automates the assignment at the point of installation, eliminating the need for post-deployment manual configuration or reactive automatic assignment rules. Option C is reactive and happens after agent registration. Option A is highly inefficient for large deployments. Option D only handles tenant assignment, not group assignment during initial deployment. Option E is overly complex and less robust than using native installer parameters.
by Phil at Jul 05, 2026, 09:46 AM
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).