Palo Alto Networks System Engineer Professional - Cortex
Last exam update: Dec 18, 2024
Page 1 out of 4. Viewing questions 1-10 out of 42
Question 1
Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)
A. registry
B. file path
C. hash
D. hostname
Answer: cd
Question 2
What does the Cortex XSOAR Saved by Dbot widget calculate?
A. amount saved in Dollars according to actions carried out by all users in Cortex XSOAR across all incidents
B. amount saved in Dollars by using Cortex XSOAR instead of other products
C. amount of time saved by each playbook task within an incident
D. amount of time saved by Dbot's machine learning (ML) capabilities
Answer: a
Question 3
Which two filter operators are available in Cortex XDR? (Choose two.)
A. Is Contained By
B. < >
C. =
D. Contains
Answer: cd
Question 4
Which command-line interface (CLI) query would retrieve the last three Splunk events?
A. !search using=splunk_instance_1 query="* | last 3"
B. !search using=splunk_instance_1 query="* | 3"
C. !query using=splunk_instance_1 query="* | last 3"
D. !search using=splunk_instance_1 query="* | head 3"
Answer: d
Question 5
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?
A. causality group owner
B. chain's alert initiator
C. adversary's remote process
D. relevant shell
Answer: a
Question 6
What does DBot use to score an indicator that has multiple reputation scores?
A. most severe score
B. undefined score
C. average score
D. least severe score
Answer: a
Question 7
How do sub-playbooks affect the Incident Context Data?
A. When set to private, task outputs do not automatically get written to the root context.
B. When set to global, sub-playbook tasks do not have access to the root context.
C. When set to global, parallel task execution is allowed.
D. When set to private, task outputs are automatically written to the root context.
Answer: a
Question 8
Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic. What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?
A. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts.
B. Have XSOAR automatically add the IP address to a deny rule in the firewall.
C. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall.
D. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP.
Answer: c
Question 9
How can Cortex XSOAR save time when a phishing incident occurs?
A. It can automatically email staff to warn them about the phishing attack and show them a copy of the email.
B. It can automatically respond to the phishing email to unsubscribe from future emails.
C. It can automatically purge the email from user mailboxes in which it has not yet been opened.
D. It can automatically identify every mailbox that received the phish and create corresponding cases for them.
Answer: c
Question 10
What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?