Palo Alto Networks PSE-Cortex Dumps - The Sure Way To Pass Exam
PSE-Cortex Exam Questions (Updated 2024) 100% Real Question Answers
NEW QUESTION # 20
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. #Bob
- B. !invite Bob
- C. @Bob
- D. /invite Bob
Answer: C
NEW QUESTION # 21
Which task allows the playbook to follow different paths based on specific conditions?
- A. Conditional
- B. Parallel
- C. Automation
- D. Manual
Answer: D
NEW QUESTION # 22
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
- A. Tell them custom integrations are not created as part of the POC
- B. Extend the POC window to allow the solution architects to build it
- C. Agree to build the integration as part of the POC
- D. Tell them we can build it with Professional Services.
Answer: B
NEW QUESTION # 23
Which two formats are supported by Whitelist? (Choose two)
- A. Regex
- B. STIX
- C. CIDR
- D. CSV
Answer: C,D
NEW QUESTION # 24
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them. How should an administrator perform this evaluation?
- A. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool
- B. Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them. Execute with an exploitation tool
- C. Run word processing exploits in the latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities
- D. Run a known 2015 Flash exploit on a Windows XP SP3 VM and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities
Answer: D
NEW QUESTION # 25
Which four types of Traps logs are stored within Cortex Data Lake?
- A. Threat, Config, Authentication, Analytic
- B. Threat, Monitor, System, Analytic
- C. Threat, Config, System, Data
- D. Threat, Config, System, Analytic
Answer: D
NEW QUESTION # 26
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- A. Device Customization
- B. Agent Configuration
- C. Agent Management
- D. Device Control
Answer: D
Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231
NEW QUESTION # 27
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
- A. Tell them custom integrations are not created as part of the POC
- B. Extend the POC window to allow the solution architects to build it
- C. Agree to build the integration as part of the POC
- D. Tell them we can build it with Professional Services.
Answer: A
NEW QUESTION # 28
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?
- A. Write a GPO for each endpoint agent to check in less often
- B. It is not possible to configure Cortex Data Lake quota for specific log types.
- C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
- D. Within the TMS, create an agent settings profile and modify the Disk Quota value
Answer: C
NEW QUESTION # 29
Which two filter operators are available in Cortex XDR? (Choose two.)
- A. Contains
- B. < >
- C. =
- D. Is Contained By
Answer: A,C
NEW QUESTION # 30
Which step is required to prepare the VDI Golden Image?
- A. Run the VDI conversion tool
- B. Ensure the latest content updates are installed
- C. Set the memory dumps to manual setting
- D. Review any PE files that WildFire determined to be malicious
Answer: D
NEW QUESTION # 31
Rearrange the steps into the correct order for modifying an incident layout.
Answer:
Explanation:

NEW QUESTION # 32
Which task allows the playbook to follow different paths based on specific conditions?
- A. Parallel
- B. Manual
- C. Automation
- D. Conditional
Answer: D
NEW QUESTION # 33
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. @Bob
- B. #Bob
- C. !invite Bob
- D. /invite Bob
Answer: B
NEW QUESTION # 34
If you have a playbook task that errors out, where could you see the output of the task?
- A. Playbook Editor
- B. /var/log/messages
- C. Demisto Audit log
- D. War Room of the incident
Answer: A
NEW QUESTION # 35
What is the difference between an exception and an exclusion?
- A. An exclusion is based on rules and exceptions are based on alerts.
- B. An exception is based on rules and exclusions are on alerts
- C. An exclusion does not exist
- D. An exception does not exist
Answer: B
NEW QUESTION # 36
What method does the Traps agent use to identify malware during a scheduled scan?
- A. WildFire hash comparison and dynamic analysis
- B. Heuristic analysis
- C. Signature comparison
- D. Local analysis
Answer: A
NEW QUESTION # 37
Which Cortex XDR capability extends investigations to an endpoint?
- A. Sensors
- B. Log Stitching
- C. Causality Chain
- D. Live Terminal
Answer: B
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-concepts
NEW QUESTION # 38
Which CLI query would bring back Notable Events from Splunk?
A)
B)
C)
D)
- A. Option C
- B. Option D
- C. Option B
- D. Option A
Answer: B
