Palo Alto Networks PSE-Endpoint Exam Practice Test Instant Access

Question 1

An administrator is concerned about rogue installs of Internet Explorer.

Which policy can be created to assure that Internet Explorer can only run from the \Program Files \Internet Explorer \directory?

AAn execution path policy to blacklist iexplore.exe, and whitelist entry for %programfiles%\iexplore.exe

BAn execution path policy to blacklist *\iexplore.exe. Trusted signers will allow the default iexplore.exe

CA whitelist of *\iexplore.exe with an execution path restriction, and a blackfirst of %system%\iexplore.exe

DAn execution path policy to blacklist *\iexplore.exe, and a whitelist entry for %programfiles%\Internet Explorer\iexplore.exe

Answer : D

Question 2

An administrator has decided to test Traps functionality using malware samples in an isolated non-production environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

AA sample with a low number of hits in Virus Total

BAn MS Office document which contains a ransomware macro

CA sample known to be flagged as grayware by Traps

DA freeware video application which spawns malicious processes

EA sample known to generate false positives in the production environment.

Answer : A, B, E

Question 3

An ESM server's SSL certificate needs two Enhanced Key Usage purposes:

Client Authentication and ________________

AServer Authentication

BFile Recovery

CIP Security User

DIP Security Tunnel Termination

Answer : A

Question 4

Uploads to the ESM Sever are failing.

How can the mechanism for forensic and WildFire uploads be tested from the endpoint?

AUse BITS commands in PowerShell to send a file to the ESM Server

BUse curl to execute a POST operation

CUse SCP commands from a ssh client to transfer a file to the ESM Server

DClick Check-in now in the agent console

Answer : D

Question 5

A company is trying to understand which platform can be installed on their environment:

Select the three endpoints where Traps can be installed (Choose three).

AWindows 10 LTSB with 2 GB RAM, 500MB free disk space and Intel Core i5 CPU

BWindows 2000 SP4 with 1 GB RAM, 4 GB free disk space and Intel Pentium 4 CPU

CApple iPhone 6s

DWindows Server 2012 R2 Standard Edition in FIPS Mode, with 4GB RAM, 20GB free disk space, running on VMware ESXi.

E15'' MacBook Pro running macOS 10.12 with 16GB RAM, Intel Core i7 CPU and 100GB tree disk space

Answer : A, D, E

Question 6

There are two custom policy rules in ESM Console. Policy rule number 1000 turns ROP off for winword.exe. Policy rule number 1001 turns ROP on for winword.exe

What is the ROP module status for winword.exe?

ADue to the collision in the policy rules, ROP is enabled in notification mode.

BThe lower numbered policy rule takes precedence. ROP is off for winword.exe

CThe higher numbered policy rule takes precedence. ROP is on for winword.exe

DThe default policy rule takes precedence over both policy rules 1000 and 1001 and disables ROP for winword.exe

Answer : B

Question 7

Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)

AFile Recovery

BServer Authentication

CClient Authentication

DKey Recovery

Answer : B, C