Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Paloalto Networks
  3. PSE-Cortex Professional
  4. PSE-Cortex-Pro-24
  5. Palo Alto Networks Systems Engineer Professional - Cortex Questions and Answers

Pass the Paloalto Networks PSE-Cortex Professional PSE-Cortex-Pro-24 Questions and answers with ValidTests

Exam PSE-Cortex-Pro-24 All Questions
Exam PSE-Cortex-Pro-24 Premium Access

View all detail and faqs for the PSE-Cortex-Pro-24 exam

Go to Exam
Viewing page 3 out of 6 pages
Viewing questions 21-30 out of questions
Questions # 21:

What is a benefit of user entity behavior analytics (UEBA) over security information and event management (SIEM)?

Options:

A.

SIEMs supports only agentless scanning, not agent-based workload protection across VMs, containers/Kubernetes.

B.

UEBA can add trusted signers of Windows or Mac processes to a whitelist in the Endpoint Security Manager (ESM) Console.

C.

SIEMs have difficulty detecting unknown or advanced security threats that do not involve malware, such as credential theft.

D.

UEBA establishes a secure connection in which endpoints can be routed, and it collects and forwards logs and files for analysis.

Expert Solution
Questions # 22:

A Cortex XSOAR customer wants to send a survey to users asking them to input their manager's email for a training use case so the manager can receive status reports on the employee's training. However, the customer is concerned users will provide incorrect information to avoid sending status updates to their manager.

How can Cortex XSOAR most efficiently sanitize user input prior to using the responses in the playbook?

Options:

A.

Create a task that sends the survey responses to the analyst via email. If the responses are incorrect, the analyst fills out the correct response in the survey.

B.

Create a manual task to ask the analyst to validate the survey response in the platform.

C.

Create a sub-playbook and import a list of manager emails into XSOAR. Use a conditional task comparison to check if the response matches an email on the list. If no matches are found, loop the sub-playbook and send the survey back to the user until a match is found.

D.

Create a conditional task comparison to check if the response contains a valid email address.

Expert Solution
Questions # 23:

Which playbook feature allows concurrent execution of tasks?

Options:

A.

parallel tasks

B.

automation tasks

C.

manual tasks

D.

conditional tasks

Expert Solution
Questions # 24:

What does Cortex Xpanse ingest from XDR endpoints?

Options:

A.

MAC addresses

B.

User-agent data

C.

Public IP addresses

D.

Hostnames

Expert Solution
Questions # 25:

What are process exceptions used for?

Options:

A.

whitelist programs from WildFire analysis

B.

permit processes to load specific DLLs

C.

change the WildFire verdict for a given executable

D.

disable an EPM for a particular process

Expert Solution
Questions # 26:

Which feature of Cortex XSIAM displays an entire picture of an attack, including the originating process or delivery point?

Options:

A.

Sample analysis

B.

Correlation rule

C.

Causality View

D.

Automation playbook

Expert Solution
Questions # 27:

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

Options:

A.

The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B.

The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C.

The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D.

The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Expert Solution
Questions # 28:

The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

Options:

A.

add paloaltonetworks com to the SSL Decryption Exclusion list

B.

enable SSL decryption

C.

disable SSL decryption

D.

reinstall the root CA certificate

Expert Solution
Questions # 29:

Which command is used to add Cortex XSOAR "User1" to an investigation from the War Room command-line interface (CLI)?

Options:

A.

/invite User1

B.

#User1

C.

@User1

D.

!invite User1

Expert Solution
Questions # 30:

A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site.

What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?

Options:

A.

The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site.

B.

All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy.

C.

Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site.

D.

The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site.

Expert Solution
Viewing page 3 out of 6 pages
Viewing questions 21-30 out of questions