New Year Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Paloalto Networks PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test

Page: 1 / 6
Total 60 questions

Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Question 1

What are two manual actions allowed on War Room entries? (Choose two.)

Options:

A.

Mark as artifact

B.

Mark as scheduled entry

C.

Mark as note

D.

Mark as evidence

Question 2

Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

Options:

A.

Security Event

B.

HIP

C.

Correlation

D.

Analytics

Question 3

Which two filter operators are available in Cortex XDR? (Choose two.)

Options:

A.

not Contains

B.

!*

C.

=>

D.

< >

Question 4

Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

Options:

A.

Agent Configuration

B.

Device Control

C.

Device Customization

D.

Agent Management

Question 5

An EDR project was initiated by a CISO. Which resource will likely have the most heavy influence on the project?

Options:

A.

desktop engineer

B.

SOC manager

C.

SOC analyst IT

D.

operations manager

Question 6

An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for ex filtrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger'?

Options:

A.

Uncommon Local Scheduled Task Creation

B.

Malware

C.

New Administrative Behavior

D.

DNS Tunneling

Question 7

When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

Options:

A.

splunk-get-alerts integration command

B.

Cortex XSOAR TA App for Splunk

C.

SplunkSearch automation

D.

SplunkGO integration

Question 8

The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second Image? (Choose two.)

SUCCESS

Question # 8

Options:

A.

The modified scnpt was run in the wrong Docker image

B.

The modified script required a different parameter to run successfully.

C.

The dictionary was defined incorrectly in the second script.

D.

The modified script attempted to access a dictionary key that did not exist in the dictionary named "data”

Question 9

How can you view all the relevant incidents for an indicator?

Options:

A.

Linked Incidents column in Indicator Screen

B.

Linked Indicators column in Incident Screen

C.

Related Indicators column in Incident Screen

D.

Related Incidents column in Indicator Screen

Page: 1 / 6
Total 60 questions