Palo Alto Networks PSE-Cortex Exam Practice Test Instant Access

Question 1

Which two formats are supported by Whitelist? (Choose two)

ARegex

BSTIX

CCSV

DCIDR

Answer : A, D

Question 2

How does an "inline" auto-extract task affect playbook execution?

ADoesn't wait until the indicators are enriched and continues executing the next step

BDoesn't wait until the indicators are enriched but populate context data before executing the next

Cstep. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

DWait until the indicators are enriched and populate context data before executing the next step.

Answer : D

Question 3

In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

AVendor

BType

CUsing

DBrand

Answer : A

Question 4

Which two entities can be created as a BIOC? (Choose two.)

Afile

Bregistry

Cevent log

Dalert log

Answer : A, B

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

Question 5

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

AThe administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

BThe administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

CThe administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

DThe administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Answer : C

Question 6

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

AWith the Malware Security profile, disable the 'Prevent Malicious Child Process Execution' module

BWithin the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

CIn the Cortex XDR security event, review the specific parent process, child process, and command line arguments

DContact support and ask for a security exception.

Answer : B, C

Question 7

Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

AAgent Configuration

BDevice Control

CDevice Customization

DAgent Management

Answer : B

https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test