Palo Alto Networks PSE-Endpoint Exam Questions Instant Access

Question 1

An administrator has installed Traps 4.0. The administrator wants to test the malware protections provided. What sample should they use to test the protections provided by Traps?

AA sample with a low number of hits in Virus Total

BA toolbar package known to be flagged as grayware by Traps

CA sample known to generate false positives in the production environment

DAn MS Office document which contains a ransomware macro

Answer : D

Question 2

The administrator has added the following whitelist to the WildFire Executable Files policy.

*\mysoftware.exe

What will be the result of this whitelist?

Ausers will not be able to run mysoftware.exe.

Bmysoftware.exe will be uploaded to WildFire for analysis

Cmysoftware.exe will not be analyzed by WildFire regardless of the file location.

Dmysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.

Answer : B

Question 3

A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL.

Which troubleshooting step determines if this is an SSL issue?

AFrom the agent run the command: telnet (hostname) (port)

BCheck that the Traps service is running

CFrom the agent run the command: ping (hostname)

DBrowse to the ESM hostname from the affected agent

Answer : D

Question 4

A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment.

Which design option would be appropriate for this environment?

APlace the Traps database. ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.

BPlace the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.

CPlace a Traps database, ESM Console and an ESM core server in each of the three large sites.

DPlace the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.

Answer : D

Question 5

When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?

AUSB port version of the victim host

BSpeed and make of the victim's RAM

Csoftware version of the target application

Dplatform, architecture, and patch level of the victim host

Answer : A, C

Question 6

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Answer : A

Question 7

An administrator is concerned about rogue installs of Internet Explorer.

Which policy can be created to assure that Internet Explorer can only run from the \Program Files \Internet Explorer \directory?

AAn execution path policy to blacklist iexplore.exe, and whitelist entry for %programfiles%\iexplore.exe

BAn execution path policy to blacklist *\iexplore.exe. Trusted signers will allow the default iexplore.exe

CA whitelist of *\iexplore.exe with an execution path restriction, and a blackfirst of %system%\iexplore.exe

DAn execution path policy to blacklist *\iexplore.exe, and a whitelist entry for %programfiles%\Internet Explorer\iexplore.exe

Answer : D

Palo Alto Networks PSE Endpoint Professional PSE-Endpoint Exam Questions