PSE-Cortex-Pro-24 by Palo Alto Networks Valid Free Exam Practice Test

Question 1

Which task setting allows context output to a specific key?

A. task output B. lags C. stop on errors D. extend context

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 2

What are two reasons incident investigation is needed in Cortex XDR? (Choose two.)

A. No solution will stop every attack requiring further investigation of activity. B. Detailed reports are needed for senior management to justify the cost of XDR. C. Insider Threats may not be blocked and initial activity may go undetected. D. Analysts need to acquire forensic artifacts of malware that has been blocked by the XDR agent.

Correct Answer: C,D

Question 3

Which aspect of Cortex Xpanse allows for visibility over remote workforce risks?

A. The deployment of a Cortex Xpanse aqent on the remote endpoint B. The presence of a portal for remote workers to use for posture checking C. The ability to identify customer assets on residential networks D. The use of a VPN connection to scan remote devices

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 4

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

A. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP. B. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall. C. Have XSOAR automatically add the IP address to a deny rule in the firewall. D. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts.

Correct Answer: B

Question 5

A customer has 2700 endpoints. There is currently concern about recent attacks in their industry and threat intelligence from a third-party subscription. In an attempt to be proactive, phishing simulations have been prioritized, but the customer wants to gain more visibility and remediation capabilities specific to their network traffic.
Which Cortex product provides these capabilities?

A. XDR Forensics Module B. B C. XDR Phishing Response Playbook D. XDR Pro Per GB E. XDR Pro Per Endpoint

Correct Answer: B

Question 6

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them How should an administrator perform this evaluation?

A. Prepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool B. Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities C. Gather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool D. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities

Correct Answer: B

Question 7

How does an "inline" auto-extract task affect playbook execution?

A. step. Wait until the indicators are enriched but doesn't populate context data before executing the next step. B. Wait until the indicators are enriched and populate context data before executing the next step. C. Doesn't wait until the indicators are enriched and continues executing the next step D. Doesn't wait until the indicators are enriched but populate context data before executing the next

Correct Answer: B

Question 8

Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?

A. endpoint detection and response (EDR) B. Security Information and Event Management (SIEM) C. endpoint protection platform (EPP) D. Network Detection and Response (NDR)

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 9

Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

A. Agent Configuration B. Device Customization C. Device Control D. Agent Management

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 10

Which Cortex XSIAM feature can be used to onboard data sources?

A. Asset Inventory B. Playbook C. Marketplace Integration D. Data Ingestion Dashboard

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 11

The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC We have integrations for both but a playbook for phishing only Which use case should be used for the POC?

A. ServiceNow B. neither C. either D. phishing

Correct Answer: D

Question 12

How can the required log ingestion license be determined when sizing a Cortex XSIAM deployment?

A. Count the number of correlation sources and multiply by desired retention days. B. Use the Cortex Data Lake Calculator to estimate the volume of third-party logs. C. Ask the customer to provide average daily alert volume. D. Ask the customer for average log ingestion estimates from their existing SIEM.

Correct Answer: B

Question 13

Which description applies to the features of the Cortex platform as a holistic ecosystem?

A. It primarily focuses on endpoint prevention without addressing other security aspects B. It offers an end-to-end security solution, covering every step of security processes. C. It provides a partial security solution, leaving some steps of the security process uncovered. D. It is solely focused on reactive security measures, neglecting proactive approaches.

Correct Answer: B

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Palo Alto Networks Systems Engineer Professional - Cortex - PSE-Cortex-Pro-24 Exam Practice Test