
Pass PSE-Cortex Exam with Updated PSE-Cortex Exam Dumps PDF 2022
NEW QUESTION 30
When analyzing logs for indicators, which are used only for BIOC identification?
- A. error messages
- B. artifacts
- C. observed activity
- D. techniques
Answer: D
NEW QUESTION 31
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?
- A. Using
- B. Vendor
- C. Brand
- D. Type
Answer: B
NEW QUESTION 32
What method does the Traps agent use to identify malware during a scheduled scan?
- A. Signature comparison
- B. WildFire hash comparison and dynamic analysis
- C. Local analysis
- D. Heuristic analysis
Answer: B
NEW QUESTION 33
Which two filter operators are available in Cortex XDR? (Choose two.)
- A. Contains
- B. =
- C. < >
- D. Is Contained By
Answer: A,B
NEW QUESTION 34
Which two filter operators are available in Cortex XDR? (Choose two.)
- A. < >
- B. !*
- C. =>
- D. not Contains
Answer: B,D
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-cortex-xdr/manage-tables.html
NEW QUESTION 35
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?
- A. Live Terminal
- B. Live Sensors
- C. Log Stitching
- D. File Explorer
Answer: A
NEW QUESTION 36
Which option is required to prepare the VDI Golden Image?
- A. Install the Cortex XDR Agent on the local machine
- B. Run the Cortex VDI conversion tool
- C. Configure the Golden Image as a persistent VDI
- D. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
Answer: D
NEW QUESTION 37
What is the retention requirement for Cortex Data Lake sizing?
- A. logs per second
- B. number of days
- C. number of endpoints
- D. number of VM-Series NGFW
Answer: B
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota
NEW QUESTION 38
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. #Bob
- B. @Bob
- C. !invite Bob
- D. /invite Bob
Answer: A
NEW QUESTION 39
What are process exceptions used for?
- A. permit processes to load specific DLLs
- B. whitelist programs from WildFire analysis
- C. change the WildFire verdict for a given executable
- D. disable an EPM for a particular process
Answer: B
NEW QUESTION 40
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
- A. quarantine status
- B. Domain/workgroup membership
- C. attack threat intelligence tag
- D. OS
- E. hostname
Answer: A,D,E
NEW QUESTION 41
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?
- A. DEB
- B. RPM
- C. SH
- D. ZIP
Answer: D
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-config
NEW QUESTION 42
Which option describes a Load-Balancing Engine Group?
- A. A group of engines that use an algorithm to efficiently share the workload for integrations
- B. A group of engines that ensure High Availability of Demisto backend databases.
- C. A group of engines that use an algorithm to efficiently share the workload for automation scripts
- D. A group of D2 agents that share processing power across multiple endpoints
Answer: C
NEW QUESTION 43
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- A. IP
- B. domain
- C. endpoint hostname
- D. registry entry
Answer: A,B
NEW QUESTION 44
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?
- A. splunk-get-alerts integration command
- B. Cortex XSOAR TA App for Splunk
- C. SplunkSearch automation
- D. SplunkGO integration
Answer: A
NEW QUESTION 45
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. #Bob
- B. !invite Bob
- C. @Bob
- D. /invite Bob
Answer: C
NEW QUESTION 46
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)
- A. the local console
- B. Response > Action Center
- C. Telnet
- D. Endpoint > Endpoint Management
Answer: B,C
NEW QUESTION 47
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?
- A. SOC manager
- B. endpoint manager
- C. SOC analyst
- D. desktop engineer
Answer: C
NEW QUESTION 48
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
- A. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
- B. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
- C. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office, and monitor the Events tab on the Cortex XDR console.
- D. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
Answer: B
NEW QUESTION 49
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?
- A. 100 GB
- B. 10 GB
- C. 1 TB
- D. 10 TB
Answer: A
NEW QUESTION 50
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them. How should an administrator perform this evaluation?
- A. Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.
- B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.
- C. Run a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.
- D. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.
Answer: C
NEW QUESTION 51
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
- A. enable SSL decryption
- B. disable SSL decryption
- C. add paloaltonetworks.com to the SSL Decryption Exclusion list
- D. reinstall the root CA certificate
Answer: B
NEW QUESTION 52
......