Palo Alto Networks PSE-Endpoint Exam Practice Test Instant Access

Question 1

Traps agents use a default password for uninstallation in the event that they never communicate with their ESM server. Identify the password.

APaloAlto!

BUninstall1

CNo password is required

DPassword1

Answer : D

Question 2

In a scenario that macOS Traps logs failed to be uploaded to the forensic folder, where will the user on the macOS host be able to find to collected logs?

A/ProgramData/Cyvera/Logs

B/ProgramData/Cyvera/Everyone/Temp

C/Library/Application Support/Cyvera/BITS Uploads/

D/Library/Application Support/PaloAltoNetworks/Traps/Upload/

Answer : D

Question 3

Which software category is most likely to cause a conflict with the Traps agent?

AExploit prevention software

BWeb browser software

CWeb meeting and collaboration software

DFull disk encryption software

Answer : A

Question 4

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Answer : A

Question 5

A customer has an environment with the following:

* 1,000 agents communicating over SSL with two servers - one containing the ESM Server and another one where the ESM Console is installed

* BitsUploads resides on the ESM Console server

* ESM Server and Console are using the default pods tor communication

In a scenario where a file is failing to be uploaded from macOS, which three reasons could be directly related to the failure? (Choose three.)

ATraps agent is not able to check in with the ESM Server

BThe rate of upload is lower than 100Kb/S

CThe BITS address in the ESM is incorrect

DPort 2125 is blocked on the server which hosts BitsUploads

EPort 443 is blocked on the server which hosts BitsUploads

Answer : A, C, E

Question 6

A deployment contains some machines that are not part of the domain. The Accounting and Sales departments are two of these.

How can a policy of WildFire notification be applied to Accounting, and a policy of WildFire prevention be applied to Sales, while not affecting any other WildFire policies?

ACreate the rules and use the Objects tab to add Accounting and Sales to each rule they should apply to.

BCreate a condition for an application found on an Accounting machine. Use that condition for the Accounting groups rule, and create the rule tor Sales without any conditions.

CCreate two rules for WildFire: one for prevention, and one for notification. Make sure the Accounting rule is numbered higher.

DCreate group-specific registry entries on endpoints. Use these registry entries to create conditions for the WildFire rules

Answer : C

Question 7

There are two custom policy rules in ESM Console. Policy rule number 1000 turns ROP off for winword.exe. Policy rule number 1001 turns ROP on for winword.exe

What is the ROP module status for winword.exe?

ADue to the collision in the policy rules, ROP is enabled in notification mode.

BThe lower numbered policy rule takes precedence. ROP is off for winword.exe

CThe higher numbered policy rule takes precedence. ROP is on for winword.exe

DThe default policy rule takes precedence over both policy rules 1000 and 1001 and disables ROP for winword.exe

Answer : B

Palo Alto Networks PSE-Endpoint PSE Endpoint Professional Exam Practice Test