Palo Alto Networks PSE-Cortex Exam Practice Test Instant Access

Question 1

Which two filter operators are available in Cortex XDR? (Choose two.)

Anot Contains

B!*

C=>

D< >

Answer : A, B

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr-pro/use-cortex-xdr/manage-tables.html

Question 2

What should be configured for a Cortex XSIAM customer who wants to automate the response to certain alerts?

APlaybook triggers

BCorrelation rules

CIncident scoring

DData model rules

Answer : A

To automate the response to certain alerts in Cortex XSIAM, playbook triggers should be configured. Playbooks allow automated workflows to be executed based on specific conditions or alerts, enabling faster and more consistent responses to security events.

Question 3

Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

AGeneric Polling Automation Playbook

BPlaybook Tasks

CSub-Play books

DPlaybook Functions

Answer : A, C

Question 4

When initiated, which Cortex XDR capability allows immediate termination of the process-or entire process tree-on an anomalous process discovered during investigation of a security event?

ALive sensors

BLive terminal

CLog forwarding

DLog stitching

Answer : B

The Live terminal capability in Cortex XDR allows the immediate termination of an anomalous process or the entire process tree during the investigation of a security event. This feature helps analysts take swift action to stop potentially malicious activity on the endpoint in real-time.

Question 5

Which option is required to prepare the VDI Golden Image?

AConfigure the Golden Image as a persistent VDI

BUse the Cortex XDR VDI tool to obtain verdicts for all PE files

CInstall the Cortex XOR Agent on the local machine

DRun the Cortex VDI conversion tool

Answer : B

Question 6

What is the function of reputation scoring in the Threat Intelligence Module of Cortex XSIAM?

AIt provides a statistical model for combining scores from multiple vendors

BIt resolves conflicting scores from different vendors with the same indicator.

CIt allows for comparison between open-source intelligence and paid services.

DIt helps identify threat feed vendors with invalid content.

Answer : B

The function of reputation scoring in the Threat Intelligence Module of Cortex XSIAM is to resolve conflicting scores from different vendors for the same indicator. This helps standardize threat intelligence, allowing the platform to provide a more accurate and reliable assessment of the risk associated with a given indicator, even when different sources may provide conflicting information.

Question 7

What is the requirement for enablement of endpoint and network analytics in Cortex XDR?

ACloud Identity Engine configured and enabled

BNetwork Mapper applet on the Broker VM configured and enabled

CLogs from at least 30 endpoints over a minimum of two weeks

DWindows DHCP logs ingested via a Cortex XDR collector

Answer : C

To enable endpoint and network analytics in Cortex XDR, the requirement is to have logs from at least 30 endpoints over a minimum of two weeks. This provides sufficient data for Cortex XDR to perform effective analytics and detection, helping identify trends and potential threats.

Palo Alto Networks System Engineer - Cortex Professional PSE-Cortex Exam Practice Test