Palo Alto Networks PSE-Cortex Exam Practice Test Instant Access

Question 1

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

Aregistry

Bfile path

Chash

Dhostname

Answer : B, C

Question 2

In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

AVendor

BType

CUsing

DBrand

Answer : A

Question 3

Which two areas of Cortex XDR are used for threat hunting activities? (Choose two.)

Aindicators of compromise (IOC) rules

Bquery builder

Clive terminal

Dhost insights module

Answer : B, D

Question 4

A customer has purchased Cortex XDR and requires 24/7 monitoring of the platform. However, the customer only has staff available during business hours.

Which Palo Alto Networks offering would best meet this requirement?

ASecurity Orchestration, Automation and Response

BSecurity Information and Event Management

CManaged Detection and Response

DNetwork Detection and Response

Answer : C

The best option for providing 24/7 monitoring of Cortex XDR, given that the customer only has staff available during business hours, would be Managed Detection and Response (MDR). MDR services provide continuous monitoring, detection, and response to security incidents, even outside of business hours, by leveraging expert security teams to manage and respond to threats when the customer's internal staff is unavailable.

Question 5

What is the recommended first step in planning a Cortex XDR deployment?

AImplement Cortex XDR across all endpoints without assessing architecture or assets

BDeploy agents across the entire environment for immediate protection.

CDeploy Cortex XDR on endpoints with the highest potential for attack.

DConduct an assessment and identify critical assets and endpoint within the environment.

Answer : D

The recommended first step in planning a Cortex XDR deployment is to conduct an assessment and identify critical assets and endpoints within the environment. This ensures that the deployment is targeted and effective, focusing on the most critical parts of the infrastructure that are most likely to be attacked or compromised.

Question 6

Which product enables the discovery, exchange, and contribution of security automation playbooks, built into Cortex XSOAR?

AXSOAR Threat Intelligence Platform (TIP)

BXSOAR Automated Systems

CXSOAR Ticketing Systems

DXSOAR Marketplace

Answer : D

Question 7

Which feature of Cortex XSIAM helps analyst reduce the noise and false positives that often plague traditional SIEM systems?

AAlert range indicators

BAl-generated correlation rules

CAutomatic incident scoring

DDynamic alarm fields

Answer : B

The feature in Cortex XSIAM that helps analysts reduce the noise and false positives typically seen in traditional SIEM systems is AI-generated correlation rules. These rules use machine learning to automatically identify meaningful patterns and reduce irrelevant alerts, helping analysts focus on the most critical incidents.

Palo Alto Networks System Engineer - Cortex Professional PSE-Cortex Exam Practice Test