[May-2024] PSE-Cortex Dumps PDF - PSE-Cortex Real Exam Questions Answers [Q30-Q55]

PSE-Cortex Dumps 100% Pass Guarantee With Latest Demo

NEW QUESTION # 30
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as evidence
  • B. Mark as note
  • C. Mark as scheduled entry
  • D. Mark as artifact

Answer: D


NEW QUESTION # 31
What is the result of creating an exception from an exploit security event?

  • A. exempts the user from generating events for 24 hours
  • B. Whitelists the process from WildFire analysis
  • C. exempts administrators from generating alerts for 24 hours
  • D. disables the triggered EPM for the host and process involved

Answer: D


NEW QUESTION # 32
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them. How should an administrator perform this evaluation?

  • A. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.
  • B. Run a known 2015 Flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.
  • C. Run word processing exploits in a VM running the latest version of Windows in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.
  • D. Prepare a VM running the latest version of Windows. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.

Answer: B


NEW QUESTION # 33
Which two filter operators are available in Cortex XDR? (Choose two.)

  • A. < >
  • B. not Contains
  • C. !*
  • D. =>

Answer: B,C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-cortex-xdr/manage-tables.html


NEW QUESTION # 34
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as evidence
  • B. Mark as artifact
  • C. Mark as note
  • D. Mark as scheduled entry

Answer: A,C


NEW QUESTION # 35
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

1 - Navigate to Settings > Advanced > Incident Types
2 - Select the incident type you want to customize the layout view for
3 - Edit the layout
4 - Select the Edit Layout option
5 - Navigate to Settings > Layout Builder


NEW QUESTION # 36
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?

  • A. DEB
  • B. SH
  • C. RPM
  • D. ZIP

Answer: D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-configure-demisto-engines/create-a-new-engine.html


NEW QUESTION # 37
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)

  • A. IP
  • B. domain
  • C. endpoint hostname
  • D. registry entry

Answer: C,D


NEW QUESTION # 38
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

  • A. Live Sensors
  • B. File Explorer
  • C. Live Terminal
  • D. Log Stitching

Answer: C


NEW QUESTION # 39
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two.)

  • A. Security Event
  • B. HIP
  • C. Analytics
  • D. Correlation

Answer: A,C


NEW QUESTION # 40
Which two formats are supported by Whitelist? (Choose two)

  • A. Regex
  • B. CIDR
  • C. CSV
  • D. STIX

Answer: A,B


NEW QUESTION # 41
Which option is required to prepare the VDI Golden Image?

  • A. Configure the Golden Image as a persistent VDI
  • B. Run the Cortex VDI conversion tool
  • C. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
  • D. Install the Cortex XDR Agent on the local machine

Answer: B


NEW QUESTION # 42
How do sub-playbooks affect the Incident Context Data?

  • A. When set to private, task outputs automatically get written to the root context
  • B. When set to private, task outputs do not automatically get written to the root context
  • C. When set to global, sub-playbook tasks do not have access to the root context
  • D. When set to global, allows parallel task execution.

Answer: B


NEW QUESTION # 43
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?

  • A. 10 TB
  • B. 10 GB
  • C. 100 GB
  • D. 1 TB

Answer: C


NEW QUESTION # 44
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

  • A. Generic Polling Automation Playbook
  • B. Playbook Functions
  • C. Sub-Play books
  • D. Playbook Tasks

Answer: A,C


NEW QUESTION # 45
Which four types of Traps logs are stored within Cortex Data Lake?

  • A. Threat, Monitor, System, Analytic
  • B. Threat, Config, System, Analytic
  • C. Threat, Config, Authentication, Analytic
  • D. Threat, Config, System, Data

Answer: D


NEW QUESTION # 46
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

  • A. Tell them we can build it with Professional Services.
  • B. Extend the POC window to allow the solution architects to build it
  • C. Agree to build the integration as part of the POC
  • D. Tell them custom integrations are not created as part of the POC

Answer: D


NEW QUESTION # 47
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. disable SSL decryption
  • B. enable SSL decryption
  • C. reinstall the root CA certificate
  • D. add paloaltonetworks.com to the SSL Decryption Exclusion list

Answer: A


NEW QUESTION # 48
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?

  • A. enable the docker service
  • B. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group
  • C. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group
  • D. disable the Cortex XSOAR service

Answer: C


NEW QUESTION # 49
When analyzing logs for indicators, which are used for only BIOC identification?

  • A. observed activity
  • B. artifacts
  • C. error messages
  • D. techniques

Answer: D


NEW QUESTION # 50
Which step is required to prepare the VDI Golden Image?

  • A. Ensure the latest content updates are installed
  • B. Set the memory dumps to manual setting
  • C. Review any PE files that WildFire determined to be malicious
  • D. Run the VDI conversion tool

Answer: B


NEW QUESTION # 51
How can you view all the relevant incidents for an indicator?

  • A. Related Indicators column in Incident Screen
  • B. Linked Indicators column in Incident Screen
  • C. Linked Incidents column in Indicator Screen
  • D. Related Incidents column in Indicator Screen

Answer: D


NEW QUESTION # 52
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?

  • A. 10 TB
  • B. 10 GB
  • C. 100 GB
  • D. 1 TB

Answer: D


NEW QUESTION # 53
What method does the Traps agent use to identify malware during a scheduled scan?

  • A. Signature comparison
  • B. Heuristic analysis
  • C. WildFire hash comparison and dynamic analysis
  • D. Local analysis

Answer: C


NEW QUESTION # 54
If you have a playbook task that errors out, where could you see the output of the task?

  • A. Demisto Audit log
  • B. /var/log/messages
  • C. Playbook Editor
  • D. War Room of the incident

Answer: D


NEW QUESTION # 55
......


The Palo Alto Networks PSE-Cortex exam is a vendor-specific certification that demonstrates the candidate's proficiency in the Cortex platform. The PSE-Cortex exam covers a range of topics, including Cortex XDR, Cortex Data Lake, Cortex XSOAR, and Cortex Certifai. The exam is intended for individuals who are already familiar with the Cortex platform and have hands-on experience working with it. Candidates who pass the PSE-Cortex exam will be recognized as Palo Alto Networks System Engineer - Cortex Professionals.


The PSE-Cortex exam is vendor-neutral, and it covers the key aspects of security operations that are relevant to Cortex XDR, including incident response, threat hunting, automation and orchestration, threat intelligence, and endpoint protection. The exam is based on a combination of multiple-choice and scenario-based questions, which require candidates to demonstrate their comprehension of the real-world situations that they are likely to encounter when working with Cortex XDR. The exam also tests candidates' ability to assess and communicate the strategic value of Cortex XDR to their stakeholders, including executives, IT staff, and end-users.
