March Sale Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Paloalto Networks PSE-Cortex Dumps

Page: 1 / 2
Total 60 questions

Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Question 1

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

Options:

A.

The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B.

The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C.

The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D.

The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Question 2

"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

Options:

A.

#Bob

B.

/invite Bob

C.

@Bob

D.

!invite Bob

Question 3

The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

Options:

A.

add paloaltonetworks com to the SSL Decryption Exclusion list

B.

enable SSL decryption

C.

disable SSL decryption

D.

reinstall the root CA certificate

Question 4

If you have a playbook task that errors out. where could you see the output of the task?

Options:

A.

/var/log/messages

B.

War Room of the incident

C.

Demisto Audit log

D.

Playbook Editor

Question 5

A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified

(exploit/windows/browser/ms16_051_vbscript)

The description and current configuration of the exploit are as follows;

What is the remaining configuration?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question 6

A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.

Where would the user configure the ratio of storage for each log type?

Options:

A.

Within the TMS, create an agent settings profile and modify the Disk Quota value

B.

It is not possible to configure Cortex Data Lake quota for specific log types.

C.

Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota

D.

Write a GPO for each endpoint agent to check in less often

Question 7

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

Options:

A.

With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module

B.

Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

C.

In the Cortex XDR security event, review the specific parent process, child process, and command line arguments

D.

Contact support and ask for a security exception.

Question 8

What is the result of creating an exception from an exploit security event?

Options:

A.

White lists the process from Wild Fire analysis

B.

exempts the user from generating events for 24 hours

C.

exempts administrators from generating alerts for 24 hours

D.

disables the triggered EPM for the host and process involve

Question 9

If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

Options:

A.

Live Sensors

B.

File Explorer

C.

Log Stitching

D.

Live Terminal

Page: 1 / 2
Total 60 questions