[Oct 09, 2021] PSE-Cortex PDF Dumps is essential on your PSE-Cortex Exam Questions Certain Success! [Q11-Q30]


PSE-Cortex PDF Questions - Perfect Prospect To Go With PSE-Cortex Practice Exam

NEW QUESTION 11
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. quarantine status
  • B. hostname
  • C. OS
  • D. attack threat intelligence tag
  • E. Domain/workgroup membership

Answer: A,B,C

 

NEW QUESTION 12
Which two filter operators are available in Cortex XDR? (Choose two.)

  • A. =>
  • B. not Contains
  • C. < >
  • D. !*

Answer: B,D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-cortex-xdr/manage-tables.html

 

NEW QUESTION 13
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

  • A. Live Terminal
  • B. Live Sensors
  • C. Log Stitching
  • D. File Explorer

Answer: A

 

NEW QUESTION 14
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Endpoint
  • B. Cortex XDR Prevent
  • C. Cortex XDR Pro Per Endpoint
  • D. Cortex XDR Pro per TB

Answer: A

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen

 

NEW QUESTION 15
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

  • A. Device Control
  • B. Device Customization
  • C. Agent Configuration
  • D. Agent Management

Answer: A

Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

 

NEW QUESTION 16
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

  • A. registry set value
  • B. full URL
  • C. SIEM alert
  • D. firewall alert

Answer: A,D

 

NEW QUESTION 17
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

  • A. Vendor
  • B. Using
  • C. Brand
  • D. Type

Answer: A

 

NEW QUESTION 18
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Parallel
  • B. Conditional
  • C. Manual
  • D. Automation

Answer: B

 

NEW QUESTION 19
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

  • A. Tell them custom integrations are not created as part of the POC
  • B. Tell them we can build it with Professional Services.
  • C. Agree to build the integration as part of the POC
  • D. Extend the POC window to allow the solution architects to build it

Answer: A

 

NEW QUESTION 20
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:

What is the remaining configuration?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 21
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

  • A. full URL
  • B. SIEM alert
  • C. firewall alert
  • D. registry set value

Answer: A,C

 

NEW QUESTION 22
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?

  • A. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
  • B. Within the TMS, create an agent settings profile and modify the Disk Quota value
  • C. Write a GPO for each endpoint agent to check in less often
  • D. It is not possible to configure Cortex Data Lake quota for specific log types.

Answer: A

 

NEW QUESTION 23
Which CLI query would bring back Notable Events from Splunk?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 24
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

1 - Navigate to Settings > Advanced > Incident Types
2 - Select the incident type you want to customize the layout view for
3 - Edit the layout
4 - Select the Edit Layout option
5 - Navigate to Settings > Layout Builder

 

NEW QUESTION 25
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

  • A. @Bob
  • B. /invite Bob
  • C. #Bob
  • D. !invite Bob

Answer: A

 

NEW QUESTION 26
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

  • A. Incident Quick View
  • B. "Close" Incident Form
  • C. Incident Summary
  • D. "New"/"Edit" Incident Form

Answer: A,C

 

NEW QUESTION 27
What is the result of creating an exception from an exploit security event?

  • A. exempts administrators from generating alerts for 24 hours
  • B. Whitelists the process from WildFire analysis
  • C. disables the triggered EPM for the host and process involved
  • D. exempts the user from generating events for 24 hours

Answer: C

 

NEW QUESTION 28
What is the difference between an exception and an exclusion?

  • A. An exclusion does not exist
  • B. An exception is based on rules and exclusions are on alerts
  • C. An exclusion is based on rules and exceptions are based on alerts.
  • D. An exception does not exist

Answer: B

 

NEW QUESTION 29
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?

  • A. enable the docker service
  • B. disable the Cortex XSOAR service
  • C. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group
  • D. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group

Answer: C

 

NEW QUESTION 30
......
