Palo Alto Networks PSE-Cortex Practice Test

Palo Alto Networks System Engineer Professional - Cortex

Last exam update: Dec 18, 2024
Page 1 out of 4. Viewing questions 1-10 out of 42

Question 1

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

  • A. registry
  • B. file path
  • C. hash
  • D. hostname
Answer:

cd


Question 2

What does the Cortex XSOAR Saved by Dbot widget calculate?

  • A. amount saved in dollars according to actions carried out by all users in Cortex XSOAR across all incidents
  • B. amount saved in dollars by using Cortex XSOAR instead of other products
  • C. amount of time saved by each playbook task within an incident
  • D. amount of time saved by Dbot's machine learning (ML) capabilities
Answer:

a


Question 3

Which two filter operators are available in Cortex XDR? (Choose two.)

  • A. Is Contained By
  • B. < >
  • C. =
  • D. Contains
Answer:

cd


Question 4

Which command-line interface (CLI) query would retrieve the last three Splunk events?

  • A. !search using=splunk_instance_1 query="* | last 3"
  • B. !search using=splunk_instance_1 query="* | 3"
  • C. !query using=splunk_instance_1 query="* | last 3"
  • D. !search using=splunk_instance_1 query="* | head 3"
Answer:

d


Question 5

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

  • A. causality group owner
  • B. chain's alert initiator
  • C. adversary's remote process
  • D. relevant shell
Answer:

a


Question 6

What does DBot use to score an indicator that has multiple reputation scores?

  • A. most severe score
  • B. undefined score
  • C. average score
  • D. least severe score
Answer:

a


Question 7

How do sub-playbooks affect the Incident Context Data?

  • A. When set to private, task outputs do not automatically get written to the root context.
  • B. When set to global, sub-playbook tasks do not have access to the root context.
  • C. When set to global, parallel task execution is allowed.
  • D. When set to private, task outputs are automatically written to the root context.
Answer:

a


Question 8

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

  • A. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts.
  • B. Have XSOAR automatically add the IP address to a deny rule in the firewall.
  • C. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall.
  • D. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP.
Answer:

c


Question 9

How can Cortex XSOAR save time when a phishing incident occurs?

  • A. It can automatically email staff to warn them about the phishing attack and show them a copy of the email.
  • B. It can automatically respond to the phishing email to unsubscribe from future emails.
  • C. It can automatically purge the email from user mailboxes in which it has not yet been opened.
  • D. It can automatically identify every mailbox that received the phish and create corresponding cases for them.
Answer:

c


Question 10

What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?

  • A. role-based access control (RBAC)
  • B. cloud identity engine (CIE)
  • C. endpoint groups
  • D. restrictions security profile
Answer:

a
