Real Exam Questions PSE-Cortex Dumps Exam Questions in here [Aug-2021]
Get Latest Aug-2021 Conduct effective penetration tests using PSE-Cortex
NEW QUESTION 14
Which CLI query would bring back Notable Events from Splunk?
A)
B)
C)
D)
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: B
NEW QUESTION 15
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
- A. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console
- B. The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console
- C. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
- D. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
Answer: B
NEW QUESTION 16
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- A. Device Control
- B. Device Customization
- C. Agent Configuration
- D. Agent Management
Answer: A
Explanation:
Explanation
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231
NEW QUESTION 17
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?
- A. SplunkGO integration
- B. SplunkSearch automation
- C. Cortex XSOAR TA App for Splunk
- D. splunk-get-alerts integration command
Answer: D
NEW QUESTION 18
"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?
- A. /invite Bob
- B. @Bob
- C. #Bob
- D. !invite Bob
Answer: C
NEW QUESTION 19
An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for ex filtrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger'?
- A. Malware
- B. Uncommon Local Scheduled Task Creation
- C. New Administrative Behavior
- D. DNS Tunneling
Answer: A
NEW QUESTION 20
Which option is required to prepare the VDI Golden Image?
- A. Install the Cortex XOR Agent on the local machine
- B. Run the Cortex VDI conversion tool
- C. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
- D. Configure the Golden Image as a persistent VDI
Answer: C
NEW QUESTION 21
Which two filter operators are available in Cortex XDR? (Choose two.)
- A. =>
- B. not Contains
- C. < >
- D. !*
Answer: B,D
Explanation:
Explanation
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-c
NEW QUESTION 22
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)
- A. Security Event
- B. HIP
- C. Correlation
- D. Analytics
Answer: A,B
NEW QUESTION 23
What is the retention requirement for Cortex Data Lake sizing?
- A. logs per second
- B. number of days
- C. number of endpoints
- D. number of VM-Series NGFW
Answer: B
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota
NEW QUESTION 24
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types?
(Choose three.)
- A. Add new fields to an incident type
- B. Set reminders for an incident SLA
- C. Define whether a playbook runs automatically when an incident type is encountered
- D. Define the way that incidents of a specific type are displayed in the system
- E. Drop new incidents of the same type that contain similar information
Answer: C,D,E
NEW QUESTION 25
What are two manual actions allowed on War Room entries? (Choose two.)
- A. Mark as scheduled entry
- B. Mark as artifact
- C. Mark as note
- D. Mark as evidence
Answer: B
NEW QUESTION 26
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second Image? (Choose two.) SUCCESS
- A. The dictionary was defined incorrectly in the second script.
- B. The modified script attempted to access a dictionary key that did not exist in the dictionary named
"data" - C. The modified scnpt was run in the wrong Docker image
- D. The modified script required a different parameter to run successfully.
Answer: C
NEW QUESTION 27
Which Cortex XDR capability extends investigations to an endpoint?
- A. Causality Chain
- B. Log Stitching
- C. Live Terminal
- D. Sensors
Answer: B
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-concepts
NEW QUESTION 28
The customer has indicated they need EDR data collection capabilities, which Cortex XDR license is required?
- A. Cortex XDR Endpoint
- B. Cortex XDR Prevent
- C. Cortex XDR Pro Per Endpoint
- D. Cortex XDR Pro per TB
Answer: A
Explanation:
Explanation
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen
NEW QUESTION 29
During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.
During the service instance provisioning which three DNS host names are created? (Choose three.)
- A. xnettraps.paloaltonetworks.com
- B. cc-xnet50.traps.paloaltonetworks.com
- C. hc-xnet50.traps.paloaltonetworks.com
- D. cc.xnet50traps.paloaltonetworks.com
- E. ch-xnet.traps.paloaltonetworks.com
- F. cc-xnet.traps.paloaltonetworks.com
Answer: B,E,F
NEW QUESTION 30
A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript) The description and current configuration of the exploit are as follows;
What is the remaining configuration?
A)
B)
C)
D)
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: B
NEW QUESTION 31
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?
- A. SplunkGO integration
- B. SplunkSearch automation
- C. Cortex XSOAR TA App for Splunk
- D. splunk-get-alerts integration command
Answer: C
NEW QUESTION 32
The certificate used for decryption was installed as a trusted toot CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console.What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
- A. reinstall the root CA certificate
- B. enable SSL decryption
- C. add paloaltonetworks.com to the SSL Decryption Exclusion list
- D. disable SSL decryption
Answer: D
NEW QUESTION 33
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them How should an administrator perform this evaluation?
- A. Prepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool
- B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities
- C. Gather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool
- D. Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities
Answer: D
NEW QUESTION 34
Which deployment type supports installation of an engine on Windows, Mac OS. and Linux?
- A. DEB
- B. RPM
- C. SH
- D. ZIP
Answer: D
Explanation:
Explanation
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-config
NEW QUESTION 35
An Administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )
- A. Contact support and ask for a security exception.
- B. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
- C. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
- D. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
Answer: B,D
NEW QUESTION 36
......
Authentic Best resources for PSE-Cortex Online Practice Exam: https://www.pass4cram.com/PSE-Cortex_free-download.html
Get the superior quality PSE-Cortex Dumps with explanations waiting just for you, get it now: https://drive.google.com/open?id=1dODdmAd2Tehlqi-W2eWHvHBTHDRYtPiy