How Many Questions Of PSE-Cortex Exam Answers
Sample questions and answers for the Palo Alto Networks System Engineer - Cortex Professional (PSE-Cortex) exam follow.
NEW QUESTION 1
Which step is required to prepare the VDI Golden Image?
- A. Review any PE files that WildFire determined to be malicious
- B. Ensure the latest content updates are installed
- C. Run the VDI conversion tool
- D. Set the memory dumps to manual setting
Answer: A
NEW QUESTION 2
What are two manual actions allowed on War Room entries? (Choose two.)
- A. Mark as artifact
- B. Mark as scheduled entry
- C. Mark as note
- D. Mark as evidence
Answer: CD
NEW QUESTION 3
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
- A. alert root cause
- B. hostname
- C. domain/workgroup membership
- D. OS
- E. presence of Flash executable
Answer: BCD
NEW QUESTION 4
When analyzing logs for indicators, which are used only for BIOC identification?
- A. observed activity
- B. artifacts
- C. techniques
- D. error messages
Answer: C
NEW QUESTION 5
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)
- A. Response > Action Center
- B. the local console
- C. Telnet
- D. Endpoint > Endpoint Management
Answer: AD
NEW QUESTION 6
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake. Where would the user configure the ratio of storage for each log type?
- A. Within the TMS, create an agent settings profile and modify the Disk Quota value
- B. It is not possible to configure Cortex Data Lake quota for specific log types.
- C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
- D. Write a GPO for each endpoint agent to check in less often
Answer: C
NEW QUESTION 7
When a Demisto Engine is part of a Load-Balancing group, it:
- A. Must be in a Load-Balancing group with at least another 3 members
- B. It must have port 443 open to allow the Demisto Server to establish a connection
- C. Can be used separately as an engine, only if connected to the Demisto Server directly
- D. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance
Answer: D
NEW QUESTION 8
Which option is required to prepare the VDI Golden Image?
- A. Configure the Golden Image as a persistent VDI
- B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
- C. Install the Cortex XDR Agent on the local machine
- D. Run the Cortex VDI conversion tool
Answer: B
NEW QUESTION 9
If you have a playbook task that errors out, where could you see the output of the task?
- A. /var/log/messages
- B. War Room of the incident
- C. Demisto Audit log
- D. Playbook Editor
Answer: B
NEW QUESTION 10
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
- A. the relevant shell
- B. The causality group owner
- C. the adversary's remote process
- D. the chain's alert initiator
Answer: B
NEW QUESTION 11
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. #Bob
- B. /invite Bob
- C. @Bob
- D. !invite Bob
Answer: C
NEW QUESTION 12
What are process exceptions used for?
- A. whitelist programs from WildFire analysis
- B. permit processes to load specific DLLs
- C. change the WildFire verdict for a given executable
- D. disable an EPM for a particular process
Answer: D
NEW QUESTION 13
What is the retention requirement for Cortex Data Lake sizing?
- A. number of endpoints
- B. number of VM-Series NGFW
- C. number of days
- D. logs per second
Answer: C
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-corte
NEW QUESTION 14
An administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)
- A. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
- B. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
- C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
- D. Contact support and ask for a security exception.
Answer: BC
NEW QUESTION 15
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both, but a playbook for phishing only. Which use case should be used for the POC?
- A. phishing
- B. either
- C. ServiceNow
- D. neither
Answer: A
NEW QUESTION 16
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?
- A. add paloaltonetworks.com to the SSL Decryption Exclusion list
- B. enable SSL decryption
- C. disable SSL decryption
- D. reinstall the root CA certificate
Answer: D
NEW QUESTION 17
Which Cortex XDR capability extends investigations to an endpoint?
- A. Log Stitching
- B. Causality Chain
- C. Sensors
- D. Live Terminal
Answer: A
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-conc