Palo Alto Networks PSE-Cortex Practice Test

Palo Alto Networks System Engineer Professional - Cortex

Last exam update: Nov 14, 2024
Page 1 out of 5. Viewing questions 1-10 out of 42

Question 1

When initiated, which Cortex XDR capability allows immediate termination of the process or whole process tree on an anomalous process discovered during investigation of a security event?

  • A. file explorer
  • B. log stitching
  • C. live sensors
  • D. live terminal
Answer:

d


Question 2

Which integration allows searching and displaying Splunk results within Cortex XSOAR?

  • A. SplunkPY integration
  • B. Demisto App for Splunk integration
  • C. XSOAR REST API integration
  • D. Splunk integration
Answer:

a


Question 3

What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?

  • A. 10 GB
  • B. 1 TB
  • C. 10 TB
  • D. 100 GB
Answer:

b


Question 4

What is used to display only file entries in a War Room?

  • A. !files from War Room CLI
  • B. incident files section in layout builder
  • C. files and attachments filters
  • D. /files from War Room CLI
Answer:

c


Question 5

A customer has purchased Cortex Data Lake storage with the following configuration, which requires 2 TB of Cortex Data Lake to order:

  • support for 300 total Cortex XDR clients all forwarding Cortex XDR data with 30-day retention
  • storage for higher fidelity logs to support Cortex XDR advanced analytics

The customer now needs 1000 total Cortex XDR clients, but continues with 300 clients forwarding Cortex XDR data with 30-day retention.
What is the new total storage requirement for Cortex Data Lake storage to order?

  • A. 16 TB
  • B. 4 TB
  • C. 8 TB
  • D. 2 TB
Answer:

b


Question 6

An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network.
Which Cortex XDR Analytics alert will this activity most likely trigger?

  • A. uncommon local scheduled task creation
  • B. malware
  • C. new administrative behavior
  • D. DNS Tunneling
Answer:

d


Question 7

Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)

  • A. WildFire hash comparison
  • B. heuristic analysis
  • C. signature comparison
  • D. dynamic analysis
Answer:

ab


Question 8

Which statement applies to the malware protection flow in Cortex XDR Prevent?

  • A. Local static analysis happens before a WildFire verdict check.
  • B. In the final step, the block list is verified.
  • C. A trusted signed file is exempt from local static analysis.
  • D. Hash comparisons come after local static analysis.
Answer:

a


Question 9

A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.
What would be the appropriate next step in the playbook?

  • A. Email the CISO to advise that malicious email was found.
  • B. Disable the user's email account.
  • C. Email the user to confirm the reported email was phishing.
  • D. Change the user's password.
Answer:

c


Question 10

How do sub-playbooks affect the Incident Context Data?

  • A. When set to private, task outputs do not automatically get written to the root context.
  • B. When set to global, sub-playbook tasks do not have access to the root context.
  • C. When set to global, parallel task execution is allowed.
  • D. When set to private, task outputs are automatically written to the root context.
Answer:

a
