Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Paloalto Networks
PSE-Cortex Professional
PSE-Cortex
Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Pass the Paloalto Networks PSE-Cortex Professional PSE-Cortex Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam PSE-Cortex Premium Access

View all detail and faqs for the PSE-Cortex exam

Go to Exam

433 Students Passed

92% Average Score

95% Same Questions

Viewing page 1 out of 5 pages

Viewing questions 1-10 out of questions

Questions # 1:

What are two reasons incident investigation is needed in Cortex XDR? (Choose two.)

Options:

No solution will stop every attack requiring further investigation of activity.

Insider Threats may not be blocked and initial activity may go undetected.

Analysts need to acquire forensic artifacts of malware that has been blocked by the XDR agent.

Detailed reports are needed for senior management to justify the cost of XDR.

Answer

B, C

Questions # 2:

What is the retention requirement for Cortex Data Lake sizing?

Options:

number of endpoints

number of VM-Series NGFW

number of days

logs per second

Answer

Explanation

https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota

Questions # 3:

An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network.

Which Cortex XDR Analytics alert will this activity most likely trigger?

Options:

uncommon local scheduled task creation

malware

new administrative behavior

DNS Tunneling

Answer

Explanation

[Reference: https://www.boll.ch/datasheets/Cortex_XDR_for_Network_Traffic_Analysis.pdf, , ]

Questions # 4:

Which element displays an entire picture of an attack, including the root cause or delivery point?

Options:

Cortex XSOAR Work Plan

Cortex SOC Orchestrator

Cortex Data Lake

Cortex XDR Causality View

Answer

Explanation

[Reference: https://live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/Cortex_XDR_Articles/1/1/final-cortex-xdr-ds.pdf, , ]

Questions # 5:

What is the requirement for enablement of endpoint and network analytics in Cortex XDR?

Options:

Cloud Identity Engine configured and enabled

Network Mapper applet on the Broker VM configured and enabled

Logs from at least 30 endpoints over a minimum of two weeks

Windows DHCP logs ingested via a Cortex XDR collector

Answer

Explanation

To enable endpoint and network analytics in Cortex XDR, the requirement is to have logs from at least 30 endpoints over a minimum of two weeks. This provides sufficient data for Cortex XDR to perform effective analytics and detection, helping identify trends and potential threats.

Questions # 6:

Which Cortex XSIAM feature can be used to onboard data sources?

Options:

Marketplace Integration

Playbook

Data Ingestion Dashboard

Asset Inventory

Answer

Explanation

The Data Ingestion Dashboard in Cortex XSIAM is used to onboard data sources. It provides a centralized view for configuring and monitoring the ingestion of various data sources into the platform, making it easier to integrate and manage security data from different systems.

Questions # 7:

What are two ways Cortex XSIAM monitors for issues with data ingestion? (Choose two.)

Options:

The Data Ingestion Health page identifies deviations from normal patterns of log collection

The Cortex XSIAM Command Center dashboard will display a red icon if a data source is having issues.

The tenant’s compute units consumption will change dramatically, indicating a collection issue.

It automatically runs a copilot playbook to troubleshoot and resolve ingestion issues.

Answer

A, B

Explanation

The Data Ingestion Health page provides visibility into the normal patterns of log collection and highlights any deviations, which helps identify issues early on.

he Cortex XSIAM Command Center dashboard displays a red icon when there is an issue with a data source, providing a quick visual indication of ingestion problems.

Questions # 8:

Which Cortex XDR capability prevents running malicious files from USB-connected removable equipment?

Options:

Device customization

Agent configuration

Agent management

Restrictions profile

Answer

Explanation

The Restrictions profile in Cortex XDR is used to prevent running malicious files from USB-connected removable equipment. This capability helps enhance endpoint security by blocking the execution of unauthorized or malicious files from external devices such as USB drives, reducing the risk of malware spreading through these vectors.

Questions # 9:

Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

Options:

Security Event

HIP

Correlation

Analytics

Answer

A, B

Questions # 10:

When initiated, which Cortex XDR capability allows immediate termination of the process-or entire process tree-on an anomalous process discovered during investigation of a security event?

Options:

Live sensors

Live terminal

Log forwarding

Log stitching

Answer

Explanation

The Live terminal capability in Cortex XDR allows the immediate termination of an anomalous process or the entire process tree during the investigation of a security event. This feature helps analysts take swift action to stop potentially malicious activity on the endpoint in real-time.

Viewing page 1 out of 5 pages

Viewing questions 1-10 out of questions