Palo Alto Networks PSE-Cortex Exam Practice Test Instant Access

Question 1

Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

AGeneric Polling Automation Playbook

BPlaybook Tasks

CSub-Play books

DPlaybook Functions

Answer : A, C

Question 2

If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance.

Palo Alto Networks will provide the customer with a free instance

What size is this free Cortex Data Lake instance?

A1 TB

B10 GB

C100 GB

D10 TB

Answer : C

Question 3

What are process exceptions used for?

Awhitelist programs from WildFire analysis

Bpermit processes to load specific DLLs

Cchange the WildFire verdict for a given executable

Ddisable an EPM for a particular process

Answer : D

Question 4

An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for ex filtrating data from your network. Which Cortex XDR Analytics alert is this activity most likely to trigger'?

AUncommon Local Scheduled Task Creation

BMalware

CNew Administrative Behavior

DDNS Tunneling

Answer : B

Question 5

A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.

Where would the user configure the ratio of storage for each log type?

AWithin the TMS, create an agent settings profile and modify the Disk Quota value

BIt is not possible to configure Cortex Data Lake quota for specific log types.

CGo to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota

DWrite a GPO for each endpoint agent to check in less often

Answer : C

Question 6

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

AWith the Malware Security profile, disable the 'Prevent Malicious Child Process Execution' module

BWithin the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

CIn the Cortex XDR security event, review the specific parent process, child process, and command line arguments

DContact support and ask for a security exception.

Answer : B, C

Question 7

Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

AAgent Configuration

BDevice Control

CDevice Customization

DAgent Management

Answer : B

https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

Palo Alto Networks PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test