Palo Alto Networks PSE-Endpoint Exam Practice Test Instant Access

Question 1

An administrator is testing an exploit that is expected to be blocked by the JIT Mitigation EPM protecting the viewer application in use. No prevention occurs, and the attack is successful.

In which two ways can the administrator determine the reason for the missed prevention? (Choose two.)

ACheck in the HKLM\SYSTEM\Cyvera\Policy registry key and subkeys whether JIT Mitigation is enabled for this application

BCheck if a Just-In-Time debugger is installed on the system

CCheck that the Traps libraries are injected into the application

DCheck that all JIT Mitigation functions are enabled in the HKLM\SYSTEM\Cyvera\Policy\Organization\Process\Default registry key

Answer : A, C

Question 2

Which set of modules must be loaded and configured when using Metasploit?

AAttacker, payload

BExploit, payload

CExploit, malware

DMalware, host

Answer : C

Question 3

An administrator has decided to test Traps functionality using malware samples in an isolated non-production environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

AA sample with a low number of hits in Virus Total

BAn MS Office document which contains a ransomware macro

CA sample known to be flagged as grayware by Traps

DA freeware video application which spawns malicious processes

EA sample known to generate false positives in the production environment.

Answer : A, B, E

Question 4

A deployment contains some machines that are not part of the domain. The Accounting and Sales departments are two of these.

How can a policy of WildFire notification be applied to Accounting, and a policy of WildFire prevention be applied to Sales, while not affecting any other WildFire policies?

ACreate the rules and use the Objects tab to add Accounting and Sales to each rule they should apply to.

BCreate a condition for an application found on an Accounting machine. Use that condition for the Accounting groups rule, and create the rule tor Sales without any conditions.

CCreate two rules for WildFire: one for prevention, and one for notification. Make sure the Accounting rule is numbered higher.

DCreate group-specific registry entries on endpoints. Use these registry entries to create conditions for the WildFire rules

Answer : C

Question 5

A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL.

Which troubleshooting step determines if this is an SSL issue?

AFrom the agent run the command: telnet (hostname) (port)

BCheck that the Traps service is running

CFrom the agent run the command: ping (hostname)

DBrowse to the ESM hostname from the affected agent

Answer : D

Question 6

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Answer : A

Question 7

Which version of .NET Framework is required as a prerequisite when installing Traps agent on Windows 7?

A.NET Framework 4.5

B.NET Framework 3.5.1

C.NET Framework 2.0

D.NET Framework 4.0

Answer : B

Palo Alto Networks PSE-Endpoint PSE Endpoint Professional Exam Practice Test