Paloalto Networks XSOAR-Engineer - Palo Alto Networks XSOAR Engineer

XSOAR’s Threat Intelligence module represents connections between indicators—such as domain → IP mappings—usingrelationships. The Admin Guide explains that relationships have attributes including direction, type, andstate, allowing analysts to mark them as active or inactive. When an observed association (such as a malicious domain pointing to a particular IP address) is no longer valid, the platform provides the ability torevoke the relationship, which sets its state to inactive without deleting the indicator or removing historical context.

Revoking is the correct method because it preserves historical intelligence for correlation, investigations, and audit trails while preventing outdated relationships from impacting enrichment or automated processes.

Updating the relationship type (option B) merely changes classification, not the state. Expiring the IP address indicator (option C) affects the indicator itself—not the relationship—and does not correctly mark that the specific association has ended. Updating the description (option D) is cosmetic only and does not change operational behavior.

Thus,revoking the relationship(option A) is the documented and proper way to inactivate a domain–IP connection in XSOAR.

The XSOAR Engine Installation Guide explains that a single Linux host can run multiple engines using theShell Installer with the “Allow running multiple engines” option enabled. This method is specifically intended for Dev/Prod, HA, and multi-tenant scenarios. When this option is selected, the installer configures separate engine services and directories, preventing conflicts in ports, logs, or runtime environments.

Using Docker containers (option B) is not an officially supported or documented deployment method for running multiple XSOAR engines. Creating custom JSON or DEB installers (options A and D) applies to advanced engine deployments but doesnotenable multiple engines on the same host.

The Admin Guide explicitly states that the Shell Installer includes a built-in prompt allowing multiple engines to coexist safely, and this is the approved and supported mechanism provided by Palo Alto Networks. Therefore, the correct answer isC.