Palo Alto Networks PSE-Cortex Exam Questions Instant Access

Question 1

Which service helps identify attackers by combining world-class threat intelligence with Cortex XSIAM technology?

AVirtual Desktop Infrastructure

BManaged Threat Hunting

CThreat Intelligence Platform

DCloud Identity Engine

Answer : B

Managed Threat Hunting combines world-class threat intelligence with Cortex XSIAM (Extended Security Intelligence and Automation Management) technology to help identify attackers. This service provides proactive threat hunting capabilities, allowing security teams to detect advanced threats and respond to potential attacks with the help of expert analysts and automated tools.

Question 2

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

AThe administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

BThe administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

CThe administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

DThe administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Answer : C

Question 3

Which playbook functionality allows grouping of tasks to create functional building blocks?

Aplaybook features

Bsub-playbooks

Cconditional tasks

Dmanual tasks

Answer : A

Question 4

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

Athe relevant shell

BThe causality group owner

Cthe adversary's remote process

Dthe chain's alert initiator

Answer : B

Question 5

When analyzing logs for indicators, which are used for only BIOC identification'?

Aobserved activity

Bartifacts

Ctechniques

Derror messages

Answer : C

Question 6

Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?

Asudo repoquery -a --installed

Bsudo demistoserver-x.x-xxxx.sh -- -tools=load

Csudo docker ps load

Dsudo docker load -i YOUR_DOCKER_FILE.tar

Answer : D

Question 7

When preparing for a Cortex XSOAR proof of value (POV), which task should be performed before the evaluation is requested?

AEnsuring that the customer has single sign-on (SSO) configured in their environment

BBuilding out an executive-IeveI proposal detailing the product capabilities

CPlanning for every different use case the customer has for the solution

DGathering a list of the different integrations that will need to be configured

Answer : D

Before requesting a Cortex XSOAR proof of value (POV) evaluation, it's important to gather a list of the different integrations that will need to be configured. This ensures that the POV can be tailored to the customer's environment and use cases, and allows the evaluation to be based on real-world data and workflows.

Palo Alto Networks System Engineer - Cortex Professional PSE-Cortex Exam Questions