Palo Alto Networks PSE-Cortex Exam Practice Test Instant Access

Question 1

Which two formats are supported by Whitelist? (Choose two)

ARegex

BSTIX

CCSV

DCIDR

Answer : A, D

Question 2

How does an "inline" auto-extract task affect playbook execution?

ADoesn't wait until the indicators are enriched and continues executing the next step

BDoesn't wait until the indicators are enriched but populate context data before executing the next

Cstep. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

DWait until the indicators are enriched and populate context data before executing the next step.

Answer : D

Question 3

In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

AVendor

BType

CUsing

DBrand

Answer : A

Question 4

Which two entities can be created as a BIOC? (Choose two.)

Afile

Bregistry

Cevent log

Dalert log

Answer : A, B

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

Question 5

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

AThe administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

BThe administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

CThe administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

DThe administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Answer : C

Question 6

Which two types of lOCs are available for creation in Cortex XDR? (Choose two.)

AIP

Bendpoint hostname

Cdomain

Dregistry entry

Answer : A, C

Question 7

Which Cortex XDR capability extends investigations to an endpoint?

ALog Stitching

BCausality Chain

CSensors

DLive Terminal

Answer : A

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-concepts

Palo Alto Networks PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test