Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
Paloalto Networks
PSE-Cortex Professional
PSE-Cortex-Pro-24
Palo Alto Networks Systems Engineer Professional - Cortex Questions and Answers

Pass the Paloalto Networks PSE-Cortex Professional PSE-Cortex-Pro-24 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam PSE-Cortex-Pro-24 Premium Access

View all detail and faqs for the PSE-Cortex-Pro-24 exam

Go to Exam

485 Students Passed

92% Average Score

96% Same Questions

Viewing page 1 out of 5 pages

Viewing questions 1-10 out of questions

Questions # 1:

What are the key capabilities of the ASM for Remote Workers module?

Options:

Monitoring endpoint activity, managing firewall rules, and mitigating cybersecurity threats

Gathering endpoint data, conducting internal scans, and automating network configurations

Identifying office network vulnerabilities, monitoring remote workforce, and encrypting data

Analyzing global scan data, identifying risky issues on remote networks, and providing internal insights

Answer

Explanation

The ASM for Remote Workers module in Cortex Xpanse focuses on analyzing global scan data, identifying risky issues on remote networks, and providing internal insights. This helps organizations maintain visibility and control over the security of their remote workforce, ensuring that potential risks and vulnerabilities in remote network configurations are addressed proactively.

Questions # 2:

A customer has purchased Cortex XSOAR and has a need to rapidly stand up the product in their environment. The customer has stated that their internal staff are currently occupied with other projects.

Which Palo Alto Networks service offering should be recommended to the customer?

Options:

Deployment

Onboardinq

Fast-Track

QuickStart

Answer

Explanation

The QuickStart service offering is designed for customers who need to rapidly deploy a solution like Cortex XSOAR. It provides a streamlined process for setting up the product, which is ideal for customers who have limited availability of internal resources due to other projects. QuickStart allows for a faster and more efficient implementation.

Questions # 3:

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

Options:

With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module

Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

In the Cortex XDR security event, review the specific parent process, child process, and command line arguments

Contact support and ask for a security exception.

Answer

B, C

Questions # 4:

What is the primary purpose of Cortex XSIAM’s machine learning led design?

Options:

To group alerts into incidents for manual analysis

To facilitate alert and log management without automation

To effectively handle the bulk of incidents through automation

To rely heavily on human-driven detection and remediation

Answer

Explanation

The primary purpose of Cortex XSIAM's machine learning-led design is to automate the handling of the bulk of incidents. By leveraging machine learning, it can automatically classify, group, and respond to incidents, reducing the need for manual intervention and increasing efficiency in incident management.

Questions # 5:

What should be configured for a Cortex XSIAM customer who wants to automate the response to certain alerts?

Options:

Playbook triggers

Correlation rules

Incident scoring

Data model rules

Answer

Explanation

To automate the response to certain alerts in Cortex XSIAM, playbook triggers should be configured. Playbooks allow automated workflows to be executed based on specific conditions or alerts, enabling faster and more consistent responses to security events.

Questions # 6:

On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?

Options:

/var/log/demisto/acc_Tenant1/server.log

/var/log/demisto/Tenant1/server.log

/var/lib/demisto/acc_Tenant1/server.log

/var/lib/demisto/server.log

Answer

Explanation

[Reference: https://live.paloaltonetworks.com/twzvq79624/attachments/twzvq79624/Cortex_XSOAR_Release_Announcements/15/7/Multi-Tenant%206.1.pdf, , In a multi-tenant setup, Cortex XSOAR organizes logs by tenant using a specific directory structure. The prefix acc_ (short for "account") is used to differentiate tenant-specific directories within the /var/log/demisto/ path. This convention helps in clearly segregating logs for different tenants, making it easier for administrators to manage and troubleshoot issues specific to each tenant. On the other hand, /var/log/demisto/Tenant1/server.log does not follow the standard naming convention used in multi-tenant environments for Cortex XSOAR, which includes the acc_ prefix to indicate tenant accounts., , , ]

Questions # 7:

In an Air-Gapped environment where the Docker package was manually installed after the Cortex XSOAR installation which action allows Cortex XSOAR to access Docker?

Options:

create a “docker” group and add the "Cortex XSOAR" or "demisto" user to this group

create a "Cortex XSOAR' or "demisto" group and add the "docker" user to this group

disable the Cortex XSOAR service

enable the docker service

Answer

Questions # 8:

Which Cortex XDR capability extends investigations to an endpoint?

Options:

Log Stitching

Causality Chain

Sensors

Live Terminal

Answer

Explanation

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pr o-admin/cortex-xdr-overview/cortex-xdr-concepts

Questions # 9:

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them

How should an administrator perform this evaluation?

Options:

Gather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool

Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities

Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities

Prepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool

Answer

Questions # 10:

What is the result of creating an exception from an exploit security event?