Palo Alto Networks Certification Certified Official Practice Test PSE-Cortex - Jan-2024 [Q11-Q30]


Ace Palo Alto Networks PSE-Cortex Certification with Actual Questions Jan 18, 2024 Updated

NEW QUESTION # 11
An administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)

  • A. Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist.
  • B. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
  • C. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
  • D. Contact support and ask for a security exception.

Answer: D


NEW QUESTION # 12
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

  • A. Tell them custom integrations are not created as part of the POC
  • B. Extend the POC window to allow the solution architects to build it
  • C. Agree to build the integration as part of the POC
  • D. Tell them we can build it with Professional Services.

Answer: B


NEW QUESTION # 13
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

  • A. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
  • B. The dictionary was defined incorrectly in the second script.
  • C. The modified script required a different parameter to run successfully.
  • D. The modified script was run in the wrong Docker image.

Answer: D


NEW QUESTION # 14
During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

During the service instance provisioning which three DNS host names are created? (Choose three.)

  • A. hc-xnet50.traps.paloaltonetworks.com
  • B. ch-xnet.traps.paloaltonetworks.com
  • C. cc-xnet.traps.paloaltonetworks.com
  • D. xnettraps.paloaltonetworks.com
  • E. cc.xnet50traps.paloaltonetworks.com
  • F. cc-xnet50.traps.paloaltonetworks.com

Answer: B,C,F


NEW QUESTION # 15
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

  • A. Incident Summary
  • B. Incident Quick View
  • C. "Close" Incident Form
  • D. "New"/"Edit" Incident Form

Answer: A,B


NEW QUESTION # 16
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

  • A. Device Customization
  • B. Agent Management
  • C. Agent Configuration
  • D. Device Control

Answer: D

Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231


NEW QUESTION # 17
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

  • A. HIP
  • B. Correlation
  • C. Security Event
  • D. Analytics

Answer: A,C


NEW QUESTION # 18
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. attack threat intelligence tag
  • B. hostname
  • C. quarantine status
  • D. Domain/workgroup membership
  • E. OS

Answer: B,C,E


NEW QUESTION # 19
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?

  • A. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console
  • B. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
  • C. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
  • D. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

Answer: C


NEW QUESTION # 20
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

  • A. Cortex XSOAR TA App for Splunk
  • B. SplunkSearch automation
  • C. SplunkGO integration
  • D. splunk-get-alerts integration command

Answer: A


NEW QUESTION # 21
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

1 - Navigate to Settings > Advanced > Incident Types
2 - Select the incident type you want to customize the layout view for
3 - Edit the layout
4 - Select the Edit Layout option
5 - Navigate to Settings > Layout Builder


NEW QUESTION # 22
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Conditional
  • B. Automation
  • C. Manual
  • D. Parallel

Answer: A


NEW QUESTION # 23
When analyzing logs for indicators, which are used for only BIOC identification?

  • A. observed activity
  • B. error messages
  • C. techniques
  • D. artifacts

Answer: A


NEW QUESTION # 24
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?

  • A. 1 TB
  • B. 10 GB
  • C. 100 GB
  • D. 10 TB

Answer: A


NEW QUESTION # 25
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:

What is the remaining configuration?
A)

B)

C)

D)

  • A. Option C
  • B. Option D
  • C. Option A
  • D. Option B

Answer: B


NEW QUESTION # 26
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

  • A. Playbook Tasks
  • B. Playbook Functions
  • C. Generic Polling Automation Playbook
  • D. Sub-Playbooks

Answer: C,D


NEW QUESTION # 27
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?

  • A. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
  • B. It is not possible to configure Cortex Data Lake quota for specific log types.
  • C. Write a GPO for each endpoint agent to check in less often
  • D. Within the TMS, create an agent settings profile and modify the Disk Quota value

Answer: A


NEW QUESTION # 28
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as note
  • B. Mark as evidence
  • C. Mark as artifact
  • D. Mark as scheduled entry

Answer: C


NEW QUESTION # 29
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

  • A. /invite Bob
  • B. @Bob
  • C. #Bob
  • D. !invite Bob

Answer: C


NEW QUESTION # 30
......
