Palo Alto Networks PSE-Endpoint Exam Practice Test Instant Access

Question 1

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Answer : A

Question 2

An administrator has decided to test Traps functionality using malware samples in an isolated non-production environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

AA sample with a low number of hits in Virus Total

BAn MS Office document which contains a ransomware macro

CA sample known to be flagged as grayware by Traps

DA freeware video application which spawns malicious processes

EA sample known to generate false positives in the production environment.

Answer : A, B, E

Question 3

An ESM server's SSL certificate needs two Enhanced Key Usage purposes:

Client Authentication and ________________

AServer Authentication

BFile Recovery

CIP Security User

DIP Security Tunnel Termination

Answer : A

Question 4

Uploads to the ESM Sever are failing.

How can the mechanism for forensic and WildFire uploads be tested from the endpoint?

AUse BITS commands in PowerShell to send a file to the ESM Server

BUse curl to execute a POST operation

CUse SCP commands from a ssh client to transfer a file to the ESM Server

DClick Check-in now in the agent console

Answer : D

Question 5

A company is trying to understand which platform can be installed on their environment:

Select the three endpoints where Traps can be installed (Choose three).

AWindows 10 LTSB with 2 GB RAM, 500MB free disk space and Intel Core i5 CPU

BWindows 2000 SP4 with 1 GB RAM, 4 GB free disk space and Intel Pentium 4 CPU

CApple iPhone 6s

DWindows Server 2012 R2 Standard Edition in FIPS Mode, with 4GB RAM, 20GB free disk space, running on VMware ESXi.

E15'' MacBook Pro running macOS 10.12 with 16GB RAM, Intel Core i7 CPU and 100GB tree disk space

Answer : A, D, E

Question 6

Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?

Amsiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1

Bmsiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1

Cmsiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1

Dmsiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1

Answer : B

Question 7

An administrator has installed Traps 4.0. The administrator wants to test the malware protections provided. What sample should they use to test the protections provided by Traps?

AA sample with a low number of hits in Virus Total

BA toolbar package known to be flagged as grayware by Traps

CA sample known to generate false positives in the production environment

DAn MS Office document which contains a ransomware macro

Answer : D

Palo Alto Networks PSE Endpoint Professional Exam Practice Test