How Many Questions Of PSE-Cortex Exam Answers

NEW QUESTION 1
Which step is required to prepare the VDI Golden Image?

• A. Review any PE files that WildFire determined to be malicious
• B. Ensure the latest content updates are installed
• C. Run the VDI conversion tool
• D. Set the memory dumps to manual setting

Answer: A

NEW QUESTION 2
What are two manual actions allowed on War Room entries? (Choose two.)

• A. Mark as artifact
• B. Mark as scheduled entry
• C. Mark as note
• D. Mark as evidence

Answer: CD

NEW QUESTION 3
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three )

• A. alert root cause
• B. hostname
• C. domain/workgroup membership
• D. OS
• E. presence of Flash executable

Answer: BCD

NEW QUESTION 4
When analyzing logs for indicators, which are used for only BIOC identification'?

• A. observed activity
• B. artifacts
• C. techniques
• D. error messages

Answer: C

NEW QUESTION 5
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

• A. Response > Action Center
• B. the local console
• C. Telnet
• D. Endpoint > Endpoint Management

Answer: AD

NEW QUESTION 6
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake. Where would the user configure the ratio of storage for each log type?

• A. Within the TMS, create an agent settings profile and modify the Disk Quota value
• B. It is not possible to configure Cortex Data Lake quota for specific log types.
• C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
• D. Write a GPO for each endpoint agent to check in less often

Answer: C

NEW QUESTION 7
When a Demisto Engine is part of a Load-Balancing group it?

• A. Must be in a Load-Balancing group with at least another 3 members
• B. It must have port 443 open to allow the Demisto Server to establish a connection
• C. Can be used separately as an engine, only if connected to the Demisto Server directly
• D. Cannot be used separately and does not appear in the in the engines drop-down menu when configuring an integration instance

Answer: D

NEW QUESTION 8
Which option is required to prepare the VDI Golden Image?

• A. Configure the Golden Image as a persistent VDI
• B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
• C. Install the Cortex XOR Agent on the local machine
• D. Run the Cortex VDI conversion tool

Answer: B

NEW QUESTION 9
If you have a playbook task that errors out. where could you see the output of the task?

• A. /var/log/messages
• B. War Room of the incident
• C. Demisto Audit log
• D. Playbook Editor

Answer: B

NEW QUESTION 10
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

• A. the relevant shell
• B. The causality group owner
• C. the adversary's remote process
• D. the chain's alert initiator

Answer: B

NEW QUESTION 11
"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

• A. #Bob
• B. /invite Bob
• C. @Bob
• D. !invite Bob

Answer: C

NEW QUESTION 12
What are process exceptions used for?

• A. whitelist programs from WildFire analysis
• B. permit processes to load specific DLLs
• C. change the WildFire verdict for a given executable
• D. disable an EPM for a particular process

Answer: D

NEW QUESTION 13
What is the retention requirement for Cortex Data Lake sizing?

• A. number of endpoints
• B. number of VM-Series NGFW
• C. number of days
• D. logs per second

Answer: C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-corte

NEW QUESTION 14
An Administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

• A. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
• B. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
• C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
• D. Contact support and ask for a security exception.

Answer: BC

NEW QUESTION 15
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC We have integrations for both but a playbook for phishing only Which use case should be used for the POC?

• A. phishing
• B. either
• C. ServiceNow
• D. neither

Answer: A

NEW QUESTION 16
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

• A. add paloaltonetworks com to the SSL Decryption Exclusion list
• B. enable SSL decryption
• C. disable SSL decryption
• D. reinstall the root CA certificate

Answer: D

NEW QUESTION 17
Which Cortex XDR capability extends investigations to an endpoint?

• A. Log Stitching
• B. Causality Chain
• C. Sensors
• D. Live Terminal

Answer: A

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-conc

NEW QUESTION 18
......