Which two filter operators are available in Cortex XDR? (Choose two.)
A. < >
B. Contains
C. =
D. Is Contained By
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
A. IP
B. endpoint hostname
C. domain
D. registry entry
An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for exfiltrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger?
A. Uncommon Local Scheduled Task Creation
B. Malware
C. New Administrative Behavior
D. DNS Tunneling
An administrator is alerted to a Suspicious Process Creation security event from multiple users. The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)
A. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
B. Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist
C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
D. Contact support and ask for a security exception.
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
A. Extend the POC window to allow the solution architects to build it
B. Tell them we can build it with Professional Services.
C. Tell them custom integrations are not created as part of the POC
D. Agree to build the integration as part of the POC
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance. What size is this free Cortex Data Lake instance?
A. 1 TB
B. 10 GB
C. 100 GB
D. 10 TB
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?
A. Cortex XDR Pro per TB
B. Cortex XDR Prevent
C. Cortex XDR Endpoint
D. Cortex XDR Pro Per Endpoint
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?
A. phishing
B. either
C. ServiceNow
D. neither
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
A. alert root cause
B. hostname
C. domain/workgroup membership
D. OS
E. presence of Flash executable
How can you view all the relevant incidents for an indicator?
A. Linked Incidents column in Indicator Screen
B. Linked Indicators column in Incident Screen
C. Related Indicators column in Incident Screen
D. Related Incidents column in Indicator Screen