2022 Latest PSE-Cortex Exam Dumps Recently Updated 60 Questions
Palo Alto Networks PSE-Cortex Real 2022 Braindumps Mock Exam Dumps
NEW QUESTION 10
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
- A. Tell them we can build it with Professional Services.
- B. Extend the POC window to allow the solution architects to build it
- C. Agree to build the integration as part of the POC
- D. Tell them custom integrations are not created as part of the POC
Answer: D
NEW QUESTION 11
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?
- A. disable the Cortex XSOAR service
- B. enable the docker service
- C. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group
- D. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group
Answer: D
NEW QUESTION 12
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)
- A. Endpoint > Endpoint Management
- B. Telnet
- C. Response > Action Center
- D. the local console
Answer: B,C
NEW QUESTION 13
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
- A. disable SSL decryption
- B. add paloaltonetworks.com to the SSL Decryption Exclusion list
- C. enable SSL decryption
- D. reinstall the root CA certificate
Answer: A
NEW QUESTION 14
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)
- A. "New"/"Edit" Incident Form
- B. Incident Quick View
- C. "Close" Incident Form
- D. Incident Summary
Answer: B,D
NEW QUESTION 15
Which statement is true of a Demisto Engine that is part of a Load-Balancing group?
- A. It must have port 443 open to allow the Demisto Server to establish a connection
- B. Can be used separately as an engine, only if connected to the Demisto Server directly
- C. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance
- D. Must be in a Load-Balancing group with at least another 3 members
Answer: C
NEW QUESTION 16
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- A. IP
- B. endpoint hostname
- C. domain
- D. registry entry
Answer: B,D
NEW QUESTION 17
Which four types of Traps logs are stored within Cortex Data Lake?
- A. Threat, Config, System, Data
- B. Threat, Config, System, Analytic
- C. Threat, Monitor, System, Analytic
- D. Threat, Config, Authentication, Analytic
Answer: A
NEW QUESTION 18
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
- A. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
- B. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
- C. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console
- D. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
Answer: D
NEW QUESTION 19
What are process exceptions used for?
- A. whitelist programs from WildFire analysis
- B. change the WildFire verdict for a given executable
- C. permit processes to load specific DLLs
- D. disable an EPM for a particular process
Answer: D
NEW QUESTION 20
What is the difference between an exception and an exclusion?
- A. An exception does not exist
- B. An exception is based on rules and exclusions are on alerts
- C. An exclusion is based on rules and exceptions are based on alerts.
- D. An exclusion does not exist
Answer: B
NEW QUESTION 21
What method does the Traps agent use to identify malware during a scheduled scan?
- A. Heuristic analysis
- B. WildFire hash comparison and dynamic analysis
- C. Signature comparison
- D. Local analysis
Answer: B
NEW QUESTION 22
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?
- A. Write a GPO for each endpoint agent to check in less often
- B. Within the TMS, create an agent settings profile and modify the Disk Quota value
- C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
- D. It is not possible to configure Cortex Data Lake quota for specific log types.
Answer: C
NEW QUESTION 23
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types?
(Choose three.)
- A. Drop new incidents of the same type that contain similar information
- B. Add new fields to an incident type
- C. Define the way that incidents of a specific type are displayed in the system
- D. Set reminders for an incident SLA
- E. Define whether a playbook runs automatically when an incident type is encountered
Answer: A,C,E
NEW QUESTION 24
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?
Which two playbook functionalities allow looping through a group of tasks during playbook execution?
(Choose two.)
- A. Sub-Playbooks
- B. Generic Polling Automation Playbook
- C. Playbook Tasks
- D. Playbook Functions
Answer: A,D
NEW QUESTION 25
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?
Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)
- A. Sub-Playbooks
- B. Generic Polling Automation Playbook
- C. Playbook Functions
- D. Playbook Tasks
Answer: A,B
NEW QUESTION 26
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- A. endpoint hostname
- B. domain
- C. registry entry
- D. IP
Answer: B,D
NEW QUESTION 27
What is the retention requirement for Cortex Data Lake sizing?
- A. number of endpoints
- B. number of VM-Series NGFW
- C. logs per second
- D. number of days
Answer: D
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota
NEW QUESTION 28
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
- A. the adversary's remote process
- B. The causality group owner
- C. the chain's alert initiator
- D. the relevant shell
Answer: B
NEW QUESTION 29
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:
What is the remaining configuration?
A)
B)
C)
D)
- A. Option C
- B. Option B
- C. Option A
- D. Option D
Answer: D
NEW QUESTION 30
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
- A. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
- B. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
- C. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console
- D. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
Answer: B
NEW QUESTION 31
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- A. Agent Configuration
- B. Device Customization
- C. Device Control
- D. Agent Management
Answer: C
Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231
NEW QUESTION 32
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?
- A. 100 GB
- B. 10 GB
- C. 10 TB
- D. 1 TB
Answer: D