Which two items are stitched to the Cortex XDR causality chain'' (Choose two)
A. firewall alert
B. SIEM alert
C. full URL
D. registry set value
Which Cortex XDR capability extends investigations to an endpoint?
A. Log Stitching
B. Causality Chain
C. Sensors
D. Live Terminal
What is the retention requirement for Cortex Data Lake sizing?
A. number of endpoints
B. number of VM-Series NGFW
C. number of days
D. logs per second
Which option is required to prepare the VDI Golden Image?
A. Configure the Golden Image as a persistent VDI
B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
C. Install the Cortex XOR Agent on the local machine
D. Run the Cortex VDI conversion tool
Which two filter operators are available in Cortex XDR? (Choose two.)
A. not Contains
B. !*
C. =>
D. < >
Which CLI query would bring back Notable Events from Splunk?
A. ! splunk-search query=" `notable` | head 3"
B. ! splunk-search query=" 'notable' | head 3"
C. ! splunk-search query="*"
D. ! splunk-search query="* | head 3"
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them
How should an administrator perform this evaluation?
A. Gather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool
B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities
C. Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities
D. Prepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?
A. Live Sensors
B. File Explorer
C. Log Stitching
D. Live Terminal
Given the integration configuration and error in the screenshot what is the cause of the problem? [missing the exhibits]
A. incorrect instance name
B. incorrect Username and Password
C. incorrect appliance port
D. incorrect server URL
What are two manual actions allowed on War Room entries? (Choose two.)
A. Mark as artifact
B. Mark as scheduled entry
C. Mark as note
D. Mark as evidence
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Palo Alto Networks exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your PSE-CORTEX exam preparations and Palo Alto Networks certification application, do not hesitate to visit our Vcedump.com to find your solutions here.