Palo Alto Networks PSE-Cortex Exam Practice Test Instant Access

Question 1

How does an "inline" auto-extract task affect playbook execution?

ADoesn't wait until the indicators are enriched and continues executing the next step

BDoesn't wait until the indicators are enriched but populate context data before executing the next

Cstep. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

DWait until the indicators are enriched and populate context data before executing the next step.

Answer : D

Question 2

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them

How should an administrator perform this evaluation?

AGather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool

BRun word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities

CRun a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities

DPrepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool

Answer : C

Question 3

Within Cortex XSIAM, how does the integration of Attack Surface Management (ASM) provide a unified approach to security event management that traditional SIEMs typically lack?

ABy providing a queryable dataset of ASM data for threat hunting

BBy offering dashboards on ASM data within the management console

CBy manually correlating of ASM data with security events

DBy enriching incidents with ASM data for all internet-facing assets

Answer : D

The integration of Attack Surface Management (ASM) in Cortex XSIAM enriches incidents with ASM data for all internet-facing assets, providing a unified approach to security event management. This integration helps identify and address vulnerabilities related to external assets, offering more context and enhancing the overall security incident response. Traditional SIEMs typically lack this level of integration with external asset visibility.

Question 4

When running a Cortex XSIAM proof of value (POV), why is it important to deploy the Cortex XDR agent?

AIt will prevent all threats in the environment.

BIt is used to enforce license compliance.

CIt runs automation daybooks on the endpoints.

DIt provides telemetry for stitching and analytics.

Answer : D

Deploying the Cortex XDR agent during a Cortex XSIAM proof of value (POV) is important because it provides telemetry for stitching and analytics. The agent collects endpoint data that is essential for detecting and correlating threats, enabling advanced analytics and providing the necessary context to improve incident response and decision-making in the security environment.

Question 5

In addition to incident volume, which four critical factors must be evaluated to determine effectiveness and ROI on cybersecurity planning and technology?

AAnalyst, training costs, duplicated, false positives

BPeople, staffing costs, duplicates, false positives

CPeople, security controls, mean time to detect, false positives

DStandard operating procedures, staffing costs, duplicates, mean time to respond

Answer : C

When evaluating the effectiveness and ROI on cybersecurity planning and technology, it's important to consider people, security controls, mean time to detect (MTTD), and false positives. These factors help ensure that the security infrastructure is both efficient and effective in preventing, detecting, and responding to threats, while optimizing the overall cost and resource allocation.

Question 6

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

AWith the Malware Security profile, disable the 'Prevent Malicious Child Process Execution' module

BWithin the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

CIn the Cortex XDR security event, review the specific parent process, child process, and command line arguments

DContact support and ask for a security exception.

Answer : B, C

Question 7

Which service helps uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources?

ACloud Identity Engine

BManaged Threat Hunting

Cvirtual desktop infrastructure (VDI)

DThreat Intelligence Platform (TIP)

Answer : B

Palo Alto Networks PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test