[Q17-Q41] Real Exam Questions PSE-Cortex Dumps Exam Questions in here [Aug-2021]


NEW QUESTION 17
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. enable SSL decryption
  • B. disable SSL decryption
  • C. add paloaltonetworks.com to the SSL Decryption Exclusion list
  • D. reinstall the root CA certificate

Answer: D

 

NEW QUESTION 18
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

  • A. Security Event
  • B. HIP
  • C. Correlation
  • D. Analytics

Answer: A,B

 

NEW QUESTION 19
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

  • A. Incident Quick View
  • B. "Close" Incident Form
  • C. Incident Summary
  • D. "New/Edit" Incident Form

Answer: A,C

 

NEW QUESTION 20
Which option is required to prepare the VDI Golden Image?

  • A. Install the Cortex XDR Agent on the local machine
  • B. Run the Cortex VDI conversion tool
  • C. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
  • D. Configure the Golden Image as a persistent VDI

Answer: C

 

NEW QUESTION 21
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

  • A. /invite Bob
  • B. @Bob
  • C. #Bob
  • D. !invite Bob

Answer: C

 

NEW QUESTION 22
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)

  • A. the local console
  • B. Endpoint > Endpoint Management
  • C. Response > Action Center
  • D. Telnet

Answer: B,C

 

NEW QUESTION 23
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

  • A. SplunkGO integration
  • B. SplunkSearch automation
  • C. Cortex XSOAR TA App for Splunk
  • D. splunk-get-alerts integration command

Answer: D

 

NEW QUESTION 24
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

  • A. Live Terminal
  • B. Live Sensors
  • C. Log Stitching
  • D. File Explorer

Answer: A

 

NEW QUESTION 25
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?

  • A. endpoint manager
  • B. desktop engineer
  • C. SOC analyst
  • D. SOC manager

Answer: C

 

NEW QUESTION 26
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

1 - Navigate to Settings > Advanced > Incident Types
2 - Select the incident type you want to customize the layout view for
3 - Edit the layout
4 - Select the Edit Layout option
5 - Navigate to Settings > Layout Builder

 

NEW QUESTION 27
Which CLI query would bring back Notable Events from Splunk?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 28
Which step is required to prepare the VDI Golden Image?

  • A. Ensure the latest content updates are installed
  • B. Review any PE files that WildFire determined to be malicious
  • C. Set the memory dumps to manual setting
  • D. Run the VDI conversion tool

Answer: C

 

NEW QUESTION 29
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Parallel
  • B. Conditional
  • C. Manual
  • D. Automation

Answer: B

 

NEW QUESTION 30
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

  • A. Generic Polling Automation Playbook
  • B. Playbook Functions
  • C. Sub-Play books
  • D. Playbook Tasks

Answer: A,C

 

NEW QUESTION 31
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. hostname
  • B. OS
  • C. presence of Flash executable
  • D. domain/workgroup membership
  • E. alert root cause

Answer: C,D,E

 

NEW QUESTION 32
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

  • A. Security Event
  • B. HIP
  • C. Correlation
  • D. Analytics

Answer: A,D

 

NEW QUESTION 33
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

  • A. Device Control
  • B. Device Customization
  • C. Agent Configuration
  • D. Agent Management

Answer: A

Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

 

NEW QUESTION 34
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Endpoint
  • B. Cortex XDR Prevent
  • C. Cortex XDR Pro Per Endpoint
  • D. Cortex XDR Pro per TB

Answer: A

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen

 

NEW QUESTION 35
Which option is required to prepare the VDI Golden Image?

  • A. Install the Cortex XDR Agent on the local machine
  • B. Run the Cortex VDI conversion tool
  • C. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
  • D. Configure the Golden Image as a persistent VDI

Answer: B

 

NEW QUESTION 36
Which Cortex XDR capability extends investigations to an endpoint?

  • A. Causality Chain
  • B. Log Stitching
  • C. Live Terminal
  • D. Sensors

Answer: B

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-conc

 

NEW QUESTION 37
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)

  • A. the local console
  • B. Telnet
  • C. Response > Action Center
  • D. Endpoint > Endpoint Management

Answer: B,C

 

NEW QUESTION 38
What is the retention requirement for Cortex Data Lake sizing?

  • A. logs per second
  • B. number of days
  • C. number of endpoints
  • D. number of VM-Series NGFW

Answer: B

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota

 

NEW QUESTION 39
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them. How should an administrator perform this evaluation?

  • A. Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.
  • B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.
  • C. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.
  • D. Run a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.

Answer: D

 

NEW QUESTION 40
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:

What is the remaining configuration?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 41
......
