Palo Alto Networks PSE-CORTEX Online Practice Questions and Exam Preparation

Palo Alto Networks PSE-CORTEX Online Questions & Answers

• Question 1:

  Which two items are stitched to the Cortex XDR causality chain'' (Choose two)

  A. firewall alert
  B. SIEM alert
  C. full URL
  D. registry set value
  A. firewall alert
  D. registry set value

• Question 2:

  Which Cortex XDR capability extends investigations to an endpoint?

  A. Log Stitching
  B. Causality Chain
  C. Sensors
  D. Live Terminal
  A. Log Stitching

• Question 3:

  What is the retention requirement for Cortex Data Lake sizing?

  A. number of endpoints
  B. number of VM-Series NGFW
  C. number of days
  D. logs per second
  C. number of days

• Question 4:

  Which option is required to prepare the VDI Golden Image?

  A. Configure the Golden Image as a persistent VDI
  B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
  C. Install the Cortex XOR Agent on the local machine
  D. Run the Cortex VDI conversion tool
  D. Run the Cortex VDI conversion tool

• Question 5:

  Which two filter operators are available in Cortex XDR? (Choose two.)

  A. not Contains
  B. !*
  C. =>
  D. < >
  A. not Contains
  B. !*

• Question 6:

  Which CLI query would bring back Notable Events from Splunk?

  A. ! splunk-search query=" `notable` | head 3"
  B. ! splunk-search query=" 'notable' | head 3"
  C. ! splunk-search query="*"
  D. ! splunk-search query="* | head 3"
  D. ! splunk-search query="* | head 3"

• Question 7:

  An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them How should an administrator perform this evaluation?

  A. Gather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool
  B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities
  C. Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities
  D. Prepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool
  C. Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities

• Question 8:

  If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

  A. Live Sensors
  B. File Explorer
  C. Log Stitching
  D. Live Terminal
  D. Live Terminal

• Question 9:

  Given the integration configuration and error in the screenshot what is the cause of the problem? [missing the exhibits]

  A. incorrect instance name
  B. incorrect Username and Password
  C. incorrect appliance port
  D. incorrect server URL
  A. incorrect instance name

• Question 10:

  Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

  A. Response > Action Center
  B. the local console
  C. Telnet
  D. Endpoint > Endpoint Management
  A. Response > Action Center
  C. Telnet