[Full-Version] 2024 New PSE-Cortex Actual Exam Dumps, Palo Alto Networks Practice Test
Study HIGH Quality PSE-Cortex Free Study Guides and Exams Tutorials
NEW QUESTION # 21
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. /invite Bob
- B. !invite Bob
- C. @Bob
- D. #Bob
Answer: C
NEW QUESTION # 22
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
- A. hostname
- B. domain/workgroup membership
- C. presence of Flash executable
- D. OS
- E. alert root cause
Answer: B,C,E
NEW QUESTION # 23
When a Demisto Engine is part of a Load-Balancing group, it:
- A. Must have port 443 open to allow the Demisto Server to establish a connection
- B. Must be in a Load-Balancing group with at least another 3 members
- C. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance
- D. Can be used separately as an engine, only if connected to the Demisto Server directly
Answer: C
NEW QUESTION # 24
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)
- A. "Close" Incident Form
- B. "New"/"Edit" Incident Form
- C. Incident Quick View
- D. Incident Summary
Answer: C,D
NEW QUESTION # 25
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. /invite Bob
- B. !invite Bob
- C. @Bob
- D. #Bob
Answer: D
NEW QUESTION # 26
What is the retention requirement for Cortex Data Lake sizing?
- A. number of endpoints
- B. logs per second
- C. number of VM-Series NGFW
- D. number of days
Answer: D
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-corte
NEW QUESTION # 27
An administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)
- A. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
- B. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
- C. Contact support and ask for a security exception.
- D. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
Answer: C
NEW QUESTION # 28
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:
What is the remaining configuration?
A)
B)
C)
D)
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: B
NEW QUESTION # 29
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- A. Agent Management
- B. Device Control
- C. Device Customization
- D. Agent Configuration
Answer: B
Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231
NEW QUESTION # 30
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- A. Agent Management
- B. Device Control
- C. Device Customization
- D. Agent Configuration
Answer: B
Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231
NEW QUESTION # 31
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?
- A. Brand
- B. Vendor
- C. Type
- D. Using
Answer: B
NEW QUESTION # 32
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)
- A. Endpoint > Endpoint Management
- B. Telnet
- C. Response > Action Center
- D. the local console
Answer: B,C
NEW QUESTION # 33
Rearrange the steps into the correct order for modifying an incident layout.
Answer:
Explanation:
1 - Navigate to Settings > Advanced > Incident Types
2 - Select the incident type you want to customize the layout view for
3 - Edit the layout
4 - Select the Edit Layout option
5 - Navigate to Settings > Layout Builder
NEW QUESTION # 34
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
- A. Tell them custom integrations are not created as part of the POC
- B. Agree to build the integration as part of the POC
- C. Tell them we can build it with Professional Services.
- D. Extend the POC window to allow the solution architects to build it
Answer: D
NEW QUESTION # 35
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- A. registry entry
- B. IP
- C. domain
- D. endpoint hostname
Answer: A,D
NEW QUESTION # 36
How does an "inline" auto-extract task affect playbook execution?
- A. Wait until the indicators are enriched and populate context data before executing the next step.
- B. Doesn't wait until the indicators are enriched but populate context data before executing the next step.
- C. Wait until the indicators are enriched but doesn't populate context data before executing the next step.
- D. Doesn't wait until the indicators are enriched and continues executing the next step
Answer: A
NEW QUESTION # 37
What are process exceptions used for?
- A. whitelist programs from WildFire analysis
- B. change the WildFire verdict for a given executable
- C. disable an EPM for a particular process
- D. permit processes to load specific DLLs
Answer: A
NEW QUESTION # 38
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:
What is the remaining configuration?
A)
B)
C)
D)
- A. Option A
- B. Option D
- C. Option B
- D. Option C
Answer: B
NEW QUESTION # 39
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)
- A. The dictionary was defined incorrectly in the second script.
- B. The modified script required a different parameter to run successfully.
- C. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
- D. The modified script was run in the wrong Docker image
Answer: D
NEW QUESTION # 40
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- A. registry entry
- B. endpoint hostname
- C. domain
- D. IP
Answer: C,D