Best PSE-Cortex Exam Dumps for the Preparation of Latest PSE-Cortex Exam Questions [Q25-Q40]


Download Latest & Valid Questions For Palo Alto Networks PSE-Cortex exam

NEW QUESTION 25
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?

  • A. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
  • B. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console
  • C. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
  • D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Answer: B

 

NEW QUESTION 26
How do sub-playbooks affect the Incident Context Data?

  • A. When set to global, allows parallel task execution.
  • B. When set to private, task outputs do not automatically get written to the root context
  • C. When set to global, sub-playbook tasks do not have access to the root context
  • D. When set to private, task outputs automatically get written to the root context

Answer: B

 

NEW QUESTION 27
Which CLI query would bring back Notable Events from Splunk?
A)

B)

C)

D)

  • A. Option C
  • B. Option B
  • C. Option D
  • D. Option A

Answer: C

 

NEW QUESTION 28
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Pro Per Endpoint
  • B. Cortex XDR Endpoint
  • C. Cortex XDR Prevent
  • D. Cortex XDR Pro per TB

Answer: A

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/migrate-your-cortex-xdr-license

 

NEW QUESTION 29
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

  • A. Sub-Playbooks
  • B. Generic Polling Automation Playbook
  • C. Playbook Tasks
  • D. Playbook Functions

Answer: A,B

 

NEW QUESTION 30
Which option is required to prepare the VDI Golden Image?

  • A. Configure the Golden Image as a persistent VDI
  • B. Install the Cortex XDR Agent on the local machine
  • C. Run the Cortex VDI conversion tool
  • D. Use the Cortex XDR VDI tool to obtain verdicts for all PE files

Answer: C

 

NEW QUESTION 31
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?

  • A. enable the docker service
  • B. disable the Cortex XSOAR service
  • C. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group
  • D. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group

Answer: D

 

NEW QUESTION 32
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

  • A. SplunkSearch automation
  • B. Cortex XSOAR TA App for Splunk
  • C. splunk-get-alerts integration command
  • D. SplunkGO integration

Answer: B

 

NEW QUESTION 33
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

  • A. Add new fields to an incident type
  • B. Define whether a playbook runs automatically when an incident type is encountered
  • C. Drop new incidents of the same type that contain similar information
  • D. Set reminders for an incident SLA
  • E. Define the way that incidents of a specific type are displayed in the system

Answer: B,D,E

 

NEW QUESTION 34
How do sub-playbooks affect the Incident Context Data?

  • A. When set to global, sub-playbook tasks do not have access to the root context
  • B. When set to global, allows parallel task execution.
  • C. When set to private, task outputs do not automatically get written to the root context
  • D. When set to private, task outputs automatically get written to the root context

Answer: A

 

NEW QUESTION 35
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as note
  • B. Mark as artifact
  • C. Mark as scheduled entry
  • D. Mark as evidence

Answer: B

 

NEW QUESTION 36
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

  • A. the relevant shell
  • B. the chain's alert initiator
  • C. The causality group owner
  • D. the adversary's remote process

Answer: C

 

NEW QUESTION 37
Which step is required to prepare the VDI Golden Image?

  • A. Ensure the latest content updates are installed
  • B. Run the VDI conversion tool
  • C. Review any PE files that WildFire determined to be malicious
  • D. Set the memory dumps to manual setting

Answer: D

 

NEW QUESTION 38
What is the result of creating an exception from an exploit security event?

  • A. exempts the user from generating events for 24 hours
  • B. disables the triggered EPM for the host and process involved
  • C. Whitelists the process from WildFire analysis
  • D. exempts administrators from generating alerts for 24 hours

Answer: B

 

NEW QUESTION 39
Given the integration configuration and error in the screenshot, what is the cause of the problem?

  • A. incorrect instance name
  • B. incorrect appliance port
  • C. incorrect server URL
  • D. incorrect Username and Password

Answer: A

 

NEW QUESTION 40
......

Exam Materials for You to Prepare & Pass PSE-Cortex Exam: https://certkingdom.practicedump.com/PSE-Cortex-practice-dumps.html