
Pass the Palo Alto Networks PSE-Cortex Professional PSE-Cortex Questions and Answers with ExamsMirror

Viewing page 4 out of 5 pages
Viewing questions 31-40 out of questions
Questions # 31:

The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

Options:

A. add paloaltonetworks.com to the SSL Decryption Exclusion list

B. enable SSL decryption

C. disable SSL decryption

D. reinstall the root CA certificate

Questions # 32:

Where is the output of the task visible when a playbook task errors out?

Options:

A. playbook editor

B. XSOAR audit log

C. /var/log/messages

D. War Room of the incident

Questions # 33:

Which two areas of Cortex XDR are used for threat hunting activities? (Choose two.)

Options:

A. indicators of compromise (IOC) rules

B. query builder

C. live terminal

D. host insights module

Questions # 34:

When a Demisto Engine is part of a Load-Balancing group, it:

Options:

A. Must be in a Load-Balancing group with at least another 3 members

B. It must have port 443 open to allow the Demisto Server to establish a connection

C. Can be used separately as an engine, only if connected to the Demisto Server directly

D. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance

Questions # 35:

In addition to incident volume, which four critical factors must be evaluated to determine effectiveness and ROI on cybersecurity planning and technology?

Options:

A. Analyst, training costs, duplicated, false positives

B. People, staffing costs, duplicates, false positives

C. People, security controls, mean time to detect, false positives

D. Standard operating procedures, staffing costs, duplicates, mean time to respond

Questions # 36:

Which statement applies to the differentiation of Cortex XDR from security information and event management (SIEM)?

Options:

A. SIEM has access to raw logs from agents, where Cortex XDR traditionally only gets alerts.

B. Cortex XDR allows just logging into the console and out of the box the events were blocked as a proactive approach.

C. Cortex XDR requires a large and diverse team of analysts and up to several weeks for simple actions like creating an alert.

D. SIEM has been entirely designed and built as cloud-native, with the ability to stitch together cloud logs, on-premises logs, third-party logs, and endpoint logs.

Questions # 37:

Which integration allows data to be pushed from Cortex XSOAR into Splunk?

Options:

A. ArcSight ESM integration

B. SplunkUpdate integration

C. Demisto App for Splunk integration

D. SplunkPY integration

Questions # 38:

A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript).

The description and current configuration of the exploit are as follows:

[Image: Question # 38]

What is the remaining configuration?

A) [Image: Question # 38]

B) [Image: Question # 38]

C) [Image: Question # 38]

D) [Image: Question # 38]

Options:

A. Option A

B. Option B

C. Option C

D. Option D

Questions # 39:

A Cortex XSOAR customer wants to ingest emails from a single mailbox. The mailbox brings in reported phishing emails and email requests from human resources (HR) to onboard new users. The customer wants to run two separate workflows from this mailbox, one for phishing and one for onboarding.

What will allow Cortex XSOAR to accomplish this in the most efficient way?

Options:

A. Create two instances of the email integration and classify one instance as ingesting incidents of type phishing and the other as ingesting incidents of type onboarding.

B. Use an incident classifier based on a field in each type of email to classify those containing "Phish Alert" in the subject as phishing and those containing "Onboard Request" as onboarding.

C. Create a playbook to process and determine incident type based on content of the email.

D. Use machine learning (ML) to determine incident type.

Questions # 40:

A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site.

What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?

Options:

A. The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site.

B. All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy.

C. Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site.

D. The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site.
