Easter Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Paloalto Networks PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test

Page: 1 / 17
Total 168 questions

Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Question 1

Which Cortex XDR capability allows for the immediate termination of a process discovered during investigation of a security event?

Options:

A.

file explorer

B.

Log stitching

C.

live sensor

D.

live terminal

Question 2

"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

Options:

A.

#Bob

B.

/invite Bob

C.

@Bob

D.

!invite Bob

Question 3

What is the requirement for enablement of endpoint and network analytics in Cortex XDR?

Options:

A.

Cloud Identity Engine configured and enabled

B.

Network Mapper applet on the Broker VM configured and enabled

C.

Logs from at least 30 endpoints over a minimum of two weeks

D.

Windows DHCP logs ingested via a Cortex XDR collector

Question 4

Which Cortex XDR license is required for a customer that requests endpoint detection and response (EDR) data collection capabilities?

Options:

A.

Cortex XDR Pro per TB

B.

Cortex XDR Endpoint

C.

Cortex XDR Prevent

D.

Cortex XDR Pro Per Endpoint

Question 5

On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?

Options:

A.

/var/log/demisto/acc_Tenant1/server.log

B.

/var/log/demisto/Tenant1/server.log

C.

/var/lib/demisto/acc_Tenant1/server.log

D.

/var/lib/demisto/server.log

Question 6

What is the recommended first step in planning a Cortex XDR deployment?

Options:

A.

Implement Cortex XDR across all endpoints without assessing architecture or assets

B.

Deploy agents across the entire environment for immediate protection.

C.

Deploy Cortex XDR on endpoints with the highest potential for attack.

D.

Conduct an assessment and identify critical assets and endpoint within the environment.

Question 7

What must a customer deploy prior to collecting endpoint data in Cortex XSIAM?

Options:

A.

Playbook

B.

Broker VM

C.

XDR agent

D.

External dynamic list

Question 8

How can the required log ingestion license be determined when sizing a Cortex XSIAM deployment?

Options:

A.

Use the Cortex Data Lake Calculator to estimate the volume of third-party logs.

B.

Count the number of correlation sources and multiply by desired retention days.

C.

Ask the customer for average log ingestion estimates from their existing SIEM.

D.

Ask the customer to provide average daily alert volume.

Question 9

Within Cortex XSIAM, how does the integration of Attack Surface Management (ASM) provide a unified approach to security event management that traditional SIEMs typically lack?

Options:

A.

By providing a queryable dataset of ASM data for threat hunting

B.

By offering dashboards on ASM data within the management console

C.

By manually correlating of ASM data with security events

D.

By enriching incidents with ASM data for all internet-facing assets

Question 10

Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?

Options:

A.

sudo repoquery -a --installed

B.

sudo demistoserver-x.x-xxxx.sh -- -tools=load

C.

sudo docker ps load

D.

sudo docker load -i YOUR_DOCKER_FILE.tar

Question 11

How does DBot score an indicator that has multiple reputation scores?

Options:

A.

uses the most severe score scores

B.

the reputation as undefined

C.

uses the average score

D.

uses the least severe score

Question 12

Which statement best describes the benefits of the combination of Prisma Cloud, Cortex Xpanse, and partner services?

Options:

A.

It achieves comprehensive multi-cloud visibility and security

B It optimizes network performance in multi-cloud environments

B.

It enhances on-premises security measures

C.

It streamlines the cloud migration processes

Question 13

Which attack method is a result of techniques designed to gain access through vulnerabilities in the code of an operating system (OS) or application?

Options:

A.

exploit

B.

malware

C.

phishing

D.

ransomware

Question 14

An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for ex filtrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger'?

Options:

A.

Uncommon Local Scheduled Task Creation

B.

Malware

C.

New Administrative Behavior

D.

DNS Tunneling

Question 15

Which statement applies to the differentiation of Cortex XDR from security information and event management (SIEM)?

Options:

A.

SIEM has access to raw logs from agents, where Cortex XDR traditionally only gets alerts.

B.

Cortex XDR allows just logging into the console and out of the box the events were blocked as a proactive approach.

C.

Cortex XDR requires a large and diverse team of analysts and up to several weeks for simple actions like creating an alert.

D.

SIEM has been entirely designed and built as cloud-native, with the ability to stitch together cloud logs, on-premises logs, third-party logs, and endpoint logs.

Question 16

What is the primary purpose of Cortex XSIAM’s machine learning led design?

Options:

A.

To group alerts into incidents for manual analysis

B.

To facilitate alert and log management without automation

C.

To effectively handle the bulk of incidents through automation

D.

To rely heavily on human-driven detection and remediation

Question 17

What is the function of reputation scoring in the Threat Intelligence Module of Cortex XSIAM?

Options:

A.

It provides a statistical model for combining scores from multiple vendors

B.

It resolves conflicting scores from different vendors with the same indicator.

C.

It allows for comparison between open-source intelligence and paid services.

D.

It helps identify threat feed vendors with invalid content.

Question 18

When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

Options:

A.

splunk-get-alerts integration command

B.

Cortex XSOAR TA App for Splunk

C.

SplunkSearch automation

D.

SplunkGO integration

Question 19

What does the Cortex XSOAR "Saved by Dbot" widget calculate?

Options:

A.

amount saved in Dollars according to actions carried out by all users in Cortex XSOAR across all incidents

B.

amount saved in Dollars by using Cortex XSOAR instead of other products

C.

amount of time saved by each playbook task within an incident

D.

amount of time saved by Dbot's machine learning (ML) capabilities

Question 20

A prospective customer is interested in Cortex XDR but is enable to run a product evaluation.

Which tool can be used instead to showcase Cortex XDR?

Options:

A.

Test Flight

B.

War Game

C.

Tech Rehearsal

D.

Capture the Flag

Question 21

Which four types of Traps logs are stored within Cortex Data Lake?

Options:

A.

Threat, Config, System, Data

B.

Threat, Config, System, Analytic

C.

Threat, Monitor. System, Analytic

D.

Threat, Config, Authentication, Analytic

Question 22

Cortex XDR external data ingestion processes ingest data from which sources?

Options:

A.

windows event logs only

B.

syslogs only

C.

windows event logs, syslogs, and custom external sources

D.

windows event logs and syslogs only

Question 23

A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.

Where would the user configure the ratio of storage for each log type?

Options:

A.

Within the TMS, create an agent settings profile and modify the Disk Quota value

B.

It is not possible to configure Cortex Data Lake quota for specific log types.

C.

Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota

D.

Write a GPO for each endpoint agent to check in less often

Question 24

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

Options:

A.

The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B.

The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C.

The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D.

The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Question 25

What are two ways Cortex XSIAM monitors for issues with data ingestion? (Choose two.)

Options:

A.

The Data Ingestion Health page identifies deviations from normal patterns of log collection

B.

The Cortex XSIAM Command Center dashboard will display a red icon if a data source is having issues.

C.

The tenant’s compute units consumption will change dramatically, indicating a collection issue.

D.

It automatically runs a copilot playbook to troubleshoot and resolve ingestion issues.

Question 26

Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

Options:

A.

Define whether a playbook runs automatically when an incident type is encountered

B.

Set reminders for an incident SLA

C.

Add new fields to an incident type

D.

Define the way that incidents of a specific type are displayed in the system

E.

Drop new incidents of the same type that contain similar information

Question 27

Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?

Options:

A.

endpoint protection platform (EPP)

B.

Security Information and Event Management (SIEM)

C.

endpoint detection and response (EDR)

D.

Network Detection and Response (NDR)

Question 28

Which Cortex XSIAM license is required if an organization needs to protect a cloud Kubernetes host?

Options:

A.

Attack Surface Management

B.

Cortex XSIAM Enterprise

C.

Identity Threat Detection and Response

D.

Cortex XSIAM Enterprise Plus

Question 29

How does an "inline" auto-extract task affect playbook execution?

Options:

A.

Doesn't wait until the indicators are enriched and continues executing the next step

B.

Doesn't wait until the indicators are enriched but populate context data before executing the next

C.

step. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

D.

Wait until the indicators are enriched and populate context data before executing the next step.

Question 30

How does a clear understanding of a customer’s technical expertise assist in a hand off following the close of an opportunity?

Options:

A.

It enables customers to prepare for audits so they can demonstrate compliance.

B.

It helps in assigning additional technical tasks to the customer

C.

It allows implementation teams to bypass initial scoping exercises

D.

It enables post-sales teams to tailor their support and training appropriately

Question 31

What is a requirement when integrating Cortex XSIAM or Cortex XDR with other Palo Alto Networks products?

Options:

A.

Advanced logging service license

B.

HTTP Collector

C.

Devices in the same region as XDR/XSIAM

D.

XDR/XSIAM Broker VM

Question 32

What is the difference between the intel feed’s license quotas of Cortex XSOAR Starter Edition and Cortex XSOAR (SOAR + TIM)?

Options:

A.

Cortex XSOAR Started Edition has unlimited access to the Threat Intel Library.

B.

In Cortex XSOAR (SOAR + TIM), Unit 42 Intelligence is not included.

C.

In Cortex XSOAR (SOAR + TIM), intelligence detail view and relationships data are not included.

D.

Cortex XSOAR Starter Edition includes up to 5 active feeds and 100 indicators/fetch.

Question 33

What is a benefit offered by Cortex XSOAR?

Options:

A.

It provides advanced customization capabilities.

B.

It provides real-time protection across hosts and containers.

C.

It enables consolidation of multiple point products into a single integrated service.

D.

It enables a comprehensive view of the customer environment with regard to digital employee productivity.

Question 34

When preparing for a Cortex XSOAR proof of value (POV), which task should be performed before the evaluation is requested?

Options:

A.

Ensuring that the customer has single sign-on (SSO) configured in their environment

B.

Building out an executive-IeveI proposal detailing the product capabilities

C.

Planning for every different use case the customer has for the solution

D.

Gathering a list of the different integrations that will need to be configured

Question 35

Which task setting allows context output to a specific key?

Options:

A.

extend context

B.

stop on errors

C.

task output

D.

lags

Question 36

Which option describes a Load-Balancing Engine Group?

Options:

A.

A group of engines that use an algorithm to efficiently share the workload for integrations

B.

A group of engines that ensure High Availability of Demisto backend databases.

C.

A group of engines that use an algorithm to efficiently share the workload for automation scripts

D.

A group of D2 agents that share processing power across multiple endpoints

Question 37

A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

Options:

A.

"Close" Incident Form

B.

Incident Summary

C.

Incident Quick View

D.

"New"/Edit" Incident Form

Question 38

How can Cortex XSOAR save time when a phishing incident occurs?

Options:

A.

It can automatically email staff to warn them about the phishing attack and show them a copy of the email.

B.

It can automatically respond to the phishing email to unsubscribe from future emails.

C.

It can automatically purge the email from user mailboxes in which it has not yet opened.

D.

It can automatically identify every mailbox that received the phish and create corresponding cases for them.

Question 39

An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations'?

Options:

A.

endpoint manager

B.

SOC manager

C.

SOC analyst

D.

desktop engineer

Question 40

Which two formats are supported by Whitelist? (Choose two)

Options:

A.

Regex

B.

STIX

C.

CSV

D.

CIDR

Question 41

A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.

What would be the appropriate next step in the playbook?

Options:

A.

Email the CISO to advise that malicious email was found.

B.

Disable the user's email account.

C.

Email the user to confirm the reported email was phishing.

D.

Change the user's password.

Question 42

Which option is required to prepare the VDI Golden Image?

Options:

A.

Configure the Golden Image as a persistent VDI

B.

Use the Cortex XDR VDI tool to obtain verdicts for all PE files

C.

Install the Cortex XOR Agent on the local machine

D.

Run the Cortex VDI conversion tool

Question 43

Which two entities can be created as a BIOC? (Choose two.)

Options:

A.

file

B.

registry

C.

event log

D.

alert log

Question 44

Rearrange the steps into the correct order for modifying an incident layout.

Question # 44

Options:

Question 45

In an Air-Gapped environment where the Docker package was manually installed after the Cortex XSOAR installation which action allows Cortex XSOAR to access Docker?

Options:

A.

create a “docker” group and add the "Cortex XSOAR" or "demisto" user to this group

B.

create a "Cortex XSOAR' or "demisto" group and add the "docker" user to this group

C.

disable the Cortex XSOAR service

D.

enable the docker service

Question 46

Which service helps uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources?

Options:

A.

Cloud Identity Engine

B.

Managed Threat Hunting

C.

virtual desktop infrastructure (VDI)

D.

Threat Intelligence Platform (TIP)

Question 47

What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?

Options:

A.

10 GB

B.

1 TB

C.

10 TB

D.

100 GB

Question 48

What is the result of creating an exception from an exploit security event?

Options:

A.

Administrators are exempt from generating alerts for 24 hours.

B.

Process from WildFire analysis is whitelisted.

C.

Triggered exploit protection module (EPM) for the host and process involved is disabled.

D.

User is exempt from generating events for 24 hours.

Question 49

Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)

Options:

A.

WildFire hash comparison

B.

heuristic analysis

C.

signature comparison

D.

dynamic analysis

Question 50

Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

Options:

A.

Response > Action Center

B.

the local console

C.

Telnet

D.

Endpoint > Endpoint Management

Page: 1 / 17
Total 168 questions