Ultimate Guide to the PSE-Cortex - Latest Nov 28, 2021 Edition Available Now
2021 Updated Verified Pass PSE-Cortex Exam - Real Questions & Answers
NEW QUESTION 28
What is the result of creating an exception from an exploit security event?
- A. exempts administrators from generating alerts for 24 hours
- B. exempts the user from generating events for 24 hours
- C. disables the triggered EPM for the host and process involved
- D. Whitelists the process from WildFire analysis
Answer: C
NEW QUESTION 29
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
- A. enable SSL decryption
- B. reinstall the root CA certificate
- C. add paloaltonetworks.com to the SSL Decryption Exclusion list
- D. disable SSL decryption
Answer: B
NEW QUESTION 30
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:
What is the remaining configuration?
A)
B)
C)
D)
- A. Option A
- B. Option C
- C. Option B
- D. Option D
Answer: D
NEW QUESTION 31
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)
- A. full URL
- B. firewall alert
- C. SIEM alert
- D. registry set value
Answer: B,D
NEW QUESTION 32
How does DBot score an indicator that has multiple reputation scores?
- A. the reputation as undefined
- B. uses the most severe score
- C. uses the least severe score
- D. uses the average score
Answer: B
NEW QUESTION 33
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?
- A. Cortex XDR Endpoint
- B. Cortex XDR Pro per TB
- C. Cortex XDR Pro Per Endpoint
- D. Cortex XDR Prevent
Answer: C
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/migrate-your-cortex-xdr-license
NEW QUESTION 34
Which step is required to prepare the VDI Golden Image?
- A. Set the memory dumps to manual setting
- B. Review any PE files that WildFire determined to be malicious
- C. Run the VDI conversion tool
- D. Ensure the latest content updates are installed
Answer: A
NEW QUESTION 35
How do sub-playbooks affect the Incident Context Data?
- A. When set to global, sub-playbook tasks do not have access to the root context
- B. When set to private, task outputs do not automatically get written to the root context
- C. When set to private, task outputs automatically get written to the root context
- D. When set to global, allows parallel task execution.
Answer: A
NEW QUESTION 36
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?
- A. splunk-get-alerts integration command
- B. Cortex XSOAR TA App for Splunk
- C. SplunkSearch automation
- D. SplunkGO integration
Answer: A
NEW QUESTION 37
An administrator is alerted to a Suspicious Process Creation security event from multiple users. The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)
- A. Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist
- B. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
- C. Contact support and ask for a security exception.
- D. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
Answer: A,D
NEW QUESTION 38
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)
- A. Drop new incidents of the same type that contain similar information
- B. Define whether a playbook runs automatically when an incident type is encountered
- C. Add new fields to an incident type
- D. Set reminders for an incident SLA
- E. Define the way that incidents of a specific type are displayed in the system
Answer: A,B,E
NEW QUESTION 39
When analyzing logs for indicators, which are used only for BIOC identification?
- A. artifacts
- B. techniques
- C. observed activity
- D. error messages
Answer: B
NEW QUESTION 40
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?
- A. RPM
- B. DEB
- C. ZIP
- D. SH
Answer: C
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-configure-demisto-engines/create-a-new-engine.html
NEW QUESTION 41
How many use cases should a POC success criteria document include?
- A. no more than 2
- B. no more than 5
- C. 3 or more
- D. only 1
Answer: D
NEW QUESTION 42
Which four types of Traps logs are stored within Cortex Data Lake?
- A. Threat, Config, Authentication, Analytic
- B. Threat, Config, System, Data
- C. Threat, Config, System, Analytic
- D. Threat, Monitor, System, Analytic
Answer: C
NEW QUESTION 43
Which two filter operators are available in Cortex XDR? (Choose two.)
- A. not Contains
- B. !*
- C. < >
- D. =>
Answer: A,B
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-cortex-xdr/manage-tables.html