[May 13, 2023] PSE-Cortex Ultimate Study Guide - DumpsTorrent [Q21-Q37]

Ultimate Guide to Prepare PSE-Cortex Certification Exam for Palo Alto Networks Certification in 2023


The PSE-Cortex certification exam is suitable for system engineers who are responsible for implementing, managing, and supporting Cortex XDR solutions. The exam covers a wide range of topics, including Cortex XDR architecture, installation and configuration, threat hunting and analysis, incident response, and more. The exam is designed to test the skills and knowledge of individuals in identifying and mitigating advanced threats using Cortex XDR.

 

NEW QUESTION # 21
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as scheduled entry
  • B. Mark as note
  • C. Mark as artifact
  • D. Mark as evidence

Answer: B,D


NEW QUESTION # 22
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

  • A. @Bob
  • B. #Bob
  • C. /invite Bob
  • D. !invite Bob

Answer: B


NEW QUESTION # 23
What is the retention requirement for Cortex Data Lake sizing?

  • A. number of endpoints
  • B. number of VM-Series NGFW
  • C. logs per second
  • D. number of days

Answer: D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota


NEW QUESTION # 24
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

  • A. the chain's alert initiator
  • B. the causality group owner
  • C. the relevant shell
  • D. the adversary's remote process

Answer: B


NEW QUESTION # 25
Which option is required to prepare the VDI Golden Image?

  • A. Install the Cortex XDR Agent on the local machine
  • B. Run the Cortex VDI conversion tool
  • C. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
  • D. Configure the Golden Image as a persistent VDI

Answer: C


NEW QUESTION # 26
What is the result of creating an exception from an exploit security event?

  • A. disables the triggered EPM for the host and process involved
  • B. exempts administrators from generating alerts for 24 hours
  • C. exempts the user from generating events for 24 hours
  • D. whitelists the process from WildFire analysis

Answer: A


NEW QUESTION # 27
What is the difference between an exception and an exclusion?

  • A. An exception does not exist
  • B. An exclusion is based on rules and exceptions are based on alerts.
  • C. An exclusion does not exist
  • D. An exception is based on rules and exclusions are based on alerts

Answer: D


NEW QUESTION # 28
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?

  • A. ServiceNow
  • B. neither
  • C. phishing
  • D. either

Answer: C


NEW QUESTION # 29
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. reinstall the root CA certificate
  • B. add paloaltonetworks.com to the SSL Decryption Exclusion list
  • C. enable SSL decryption
  • D. disable SSL decryption

Answer: A


NEW QUESTION # 30
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:

What is the remaining configuration?
A)

B)

C)

D)

  • A. Option C
  • B. Option B
  • C. Option A
  • D. Option D

Answer: D


NEW QUESTION # 31
An EDR project was initiated by a CISO. Which resource will likely have the heaviest influence on the project?

  • A. SOC manager
  • B. desktop engineer
  • C. operations manager
  • D. SOC analyst IT

Answer: A


NEW QUESTION # 32
How many use cases should a POC success criteria document include?

  • A. 3 or more
  • B. only 1
  • C. no more than 5
  • D. no more than 2

Answer: B


NEW QUESTION # 33
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Conditional
  • B. Parallel
  • C. Automation
  • D. Manual

Answer: A


NEW QUESTION # 34
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?

  • A. SOC analyst
  • B. SOC manager
  • C. desktop engineer
  • D. endpoint manager

Answer: A


NEW QUESTION # 35
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

  • A. @Bob
  • B. #Bob
  • C. /invite Bob
  • D. !invite Bob

Answer: A


NEW QUESTION # 36
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

  • A. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
  • B. The modified script was run in the wrong Docker image
  • C. The dictionary was defined incorrectly in the second script.
  • D. The modified script required a different parameter to run successfully.

Answer: B


NEW QUESTION # 37
......
