Exam Details

  • Exam Code: PSE-ENDPOINT
  • Exam Name: PSE: Endpoint – Professional
  • Certification: PSE-Endpoint
  • Vendor: Palo Alto Networks
  • Total Questions: 45 Q&As
  • Last Updated:

Palo Alto Networks PSE-Endpoint PSE-ENDPOINT Questions & Answers

  • Question 1:

    An administrator has decided to test Traps functionality using malware samples in an isolated nonproduction environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

    A. A sample with a low number of hits in VirusTotal.

    B. An MS Office document which contains a ransomware macro.

    C. A sample known to be flagged as grayware by Traps.

    D. A freeware video application which spawns malicious processes.

    E. A sample known to generate false positives in the production environment.

  • Question 2:

    Which version of .NET Framework is required as a prerequisite when installing Traps agent on Windows 7?

    A. .NET Framework 4.5

    B. .NET Framework 3.5.1

    C. .NET Framework 2.0

    D. .NET Framework 4.0

  • Question 3:

    Files are not getting a WildFire verdict.

    What is one way to determine whether there is a BITS issue?

    A. Check the upload status in the hash control screen.

    B. Run a telnet command between Traps agent and ESM Server on port 2125.

    C. Use PowerShell to test upload using HTTP POST method.

    D. Initiate a "Send support file" from the agent.

  • Question 4:

    The ESM policy is set to upload unknowns to WildFire. However, when an unknown is executed, the Upload status in the ESM Console never displays "Upload in progress", and the verdict remains local analysis or unknown. Even clicking the upload button and checking in does not resolve the issue. A line in the log file suggests not being able to download a file from "https:/ESMSERVER/BitsUploads/... to C: \ProgramData\Cyvera\Temp\..."

    Which solution fixes this problem?

    A. Restart BITS service on the endpoint

    B. Restart BITS service on ESM

    C. Remove and reinstall all the agents without SSL

    D. In the ESM Console, use the FQDN in multi ESM

  • Question 5:

    A deployment contains some machines that are not part of the domain. The Accounting and Sales departments are two of these.

    How can a policy of WildFire notification be applied to Accounting, and a policy of WildFire prevention be applied to Sales, while not affecting any other WildFire policies?

    A. Create the rules and use the Objects tab to add Accounting and Sales to each rule they should apply to.

    B. Create a condition for an application found on an Accounting machine. Use that condition for the Accounting group's rule, and create the rule for Sales without any conditions.

    C. Create two rules for WildFire: one for prevention, and one for notification. Make sure the Accounting rule is numbered higher.

    D. Create group-specific registry entries on endpoints. Use these registry entries to create conditions for the WildFire rules.

  • Question 6:

    Which software category is most likely to cause a conflict with the Traps agent?

    A. Exploit prevention software

    B. Web browser software

    C. Web meeting and collaboration software

    D. Full disk encryption software

  • Question 7:

    Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)

    A. File Recovery

    B. Server Authentication

    C. Client Authentication

    D. Key Recovery

  • Question 8:

    Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?

    A. msiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1

    B. msiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1

    C. msiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1

    D. msiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1

  • Question 9:

    Which set of modules must be loaded and configured when using Metasploit?

    A. Attacker, payload

    B. Exploit, payload

    C. Exploit, malware

    D. Malware, host

  • Question 10:

    An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?

    A. The new rule stops all EPM injection into the faulted process.

    B. The new rule stops all EPM injection into processes on the machine on which the prevention was triggered.

    C. The new rule excludes the endpoint from Traps protection.

    D. The new rule will include the EPM that raised the prevention, the process that triggered the prevention, the machine on which the prevention was triggered, and a descriptive name for the rule.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them from job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Palo Alto Networks exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your PSE-ENDPOINT exam preparation or your Palo Alto Networks certification application, do not hesitate to visit Vcedump.com to find your solutions.