
Pass the Palo Alto Networks PSE-Cortex Professional PSE-Cortex Questions and Answers with ValidTests

Viewing page 1 out of 6 pages
Viewing questions 1-10 out of questions
Questions # 1:

The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

Options:

A. Cortex XDR Pro per TB

B. Cortex XDR Prevent

C. Cortex XDR Endpoint

D. Cortex XDR Pro Per Endpoint

Questions # 2:

An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for exfiltrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger?

Options:

A. Uncommon Local Scheduled Task Creation

B. Malware

C. New Administrative Behavior

D. DNS Tunneling

Questions # 3:

Which two filter operators are available in Cortex XDR? (Choose two.)

Options:

A. not Contains

B. !*

C. =>

D. < >

Questions # 4:

If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

Options:

A. Live Sensors

B. File Explorer

C. Log Stitching

D. Live Terminal

Questions # 5:

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

Options:

A. the relevant shell

B. The causality group owner

C. the adversary's remote process

D. the chain's alert initiator

Questions # 6:

A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.

Where would the user configure the ratio of storage for each log type?

Options:

A. Within the TMS, create an agent settings profile and modify the Disk Quota value

B. It is not possible to configure Cortex Data Lake quota for specific log types.

C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota

D. Write a GPO for each endpoint agent to check in less often

Questions # 7:

In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

Options:

A. alert root cause

B. hostname

C. domain/workgroup membership

D. OS

E. presence of Flash executable

Questions # 8:

How does an "inline" auto-extract task affect playbook execution?

Options:

A. Doesn't wait until the indicators are enriched and continues executing the next step

B. Doesn't wait until the indicators are enriched but populate context data before executing the next step.

C. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

D. Wait until the indicators are enriched and populate context data before executing the next step.

Questions # 9:

Which option is required to prepare the VDI Golden Image?

Options:

A. Configure the Golden Image as a persistent VDI

B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files

C. Install the Cortex XDR Agent on the local machine

D. Run the Cortex VDI conversion tool

Questions # 10:

What is the difference between an exception and an exclusion?

Options:

A. An exception is based on rules and exclusions are on alerts

B. An exclusion is based on rules and exceptions are based on alerts.

C. An exception does not exist

D. An exclusion does not exist
