Paloalto-Networks PSE-Cortex Free Practice Questions

NEW QUESTION 1
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

• A. Domain/workgroup membership
• B. quarantine status
• C. hostname
• D. OS
• E. attack threat intelligence tag

Answer: BCD

NEW QUESTION 2
The customer has indicated they need EDR data collection capabilities, which Cortex XDR license is required?

• A. Cortex XDR Pro per TB
• B. Cortex XDR Prevent
• C. Cortex XDR Endpoint
• D. Cortex XDR Pro Per Endpoint

Answer: D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen

NEW QUESTION 3
Which two filter operators are available in Cortex XDR? (Choose two.)

• A. not Contains
• B. !*
• C. =>
• D. < >

Answer: AB

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-c

NEW QUESTION 4
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance. Palo Alto Networks will provide the customer with a free instance
What size is this free Cortex Data Lake instance?

• A. 1 TB
• B. 10 GB
• C. 100 GB
• D. 10 TB

Answer: C

NEW QUESTION 5
What is the difference between an exception and an exclusion?

• A. An exception is based on rules and exclusions are on alerts
• B. An exclusion is based on rules and exceptions are based on alerts.
• C. An exception does not exist
• D. An exclusion does not exist

Answer: A

NEW QUESTION 6
An EDR project was initiated by a CISO. Which resource will likely have the most heavy influence on the project?

• A. desktop engineer
• B. SOC manager
• C. SOC analyst IT
• D. operations manager

Answer: B

NEW QUESTION 7
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

• A. Vendor
• B. Type
• C. Using
• D. Brand

Answer: A

NEW QUESTION 8
Which two items are stitched to the Cortex XDR causality chain'' (Choose two)

• A. firewall alert
• B. SIEM alert
• C. full URL
• D. registry set value

Answer: AC

NEW QUESTION 9
Which CLI query would bring back Notable Events from Splunk?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

NEW QUESTION 10
An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for ex filtrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger'?

• A. Uncommon Local Scheduled Task Creation
• B. Malware
• C. New Administrative Behavior
• D. DNS Tunneling

Answer: B

NEW QUESTION 11
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

• A. Extend the POC window to allow the solution architects to build it
• B. Tell them we can build it with Professional Services.
• C. Tell them custom integrations are not created as part of the POC
• D. Agree to build the integration as part of the POC

Answer: C

NEW QUESTION 12
How do sub-playbooks affect the Incident Context Data?

• A. When set to private, task outputs do not automatically get written to the root context
• B. When set to private, task outputs automatically get written to the root context
• C. When set to global, allows parallel task execution.
• D. When set to global, sub-playbook tasks do not have access to the root context

Answer: A

NEW QUESTION 13
Which option describes a Load-Balancing Engine Group?

• A. A group of engines that use an algorithm to efficiently share the workload for integrations
• B. A group of engines that ensure High Availability of Demisto backend databases.
• C. A group of engines that use an algorithm to efficiently share the workload for automation scripts
• D. A group of D2 agents that share processing power across multiple endpoints

Answer: C

NEW QUESTION 14
When a Demisto Engine is part of a Load-Balancing group it?

• A. Must be in a Load-Balancing group with at least another 3 members
• B. It must have port 443 open to allow the Demisto Server to establish a connection
• C. Can be used separately as an engine, only if connected to the Demisto Server directly
• D. Cannot be used separately and does not appear in the in the engines drop-down menu when configuring an integration instance

Answer: D

NEW QUESTION 15
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake. Where would the user configure the ratio of storage for each log type?

• A. Within the TMS, create an agent settings profile and modify the Disk Quota value
• B. It is not possible to configure Cortex Data Lake quota for specific log types.
• C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
• D. Write a GPO for each endpoint agent to check in less often

Answer: C

NEW QUESTION 16
......