Palo Alto Networks PSE Cortex Real Exam Questions
The questions for PSE Cortex were last updated on Sep 12, 2024.
- Exam Code: PSE Cortex
- Exam Name: Palo Alto Networks System Engineer - Cortex Professional
- Certification Provider: Palo Alto Networks
- Latest update: Sep 12, 2024
What are two capabilities of a War Room? (Choose two)
a. Run ad-hoc automation commands
b. Create widgets for an investigation
c. Act as an audit trail for an investigation
d. Create playbooks for orchestration
Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?
a. Have XSOAR automatically add the IP address to a deny rule in the firewall
b. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts
c. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall
d. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP
A Cortex XSOAR customer wants to ingest from a single mailbox. The mailbox brings in reported phishing emails and email requests from human resources (HR) to onboard new users. The customer wants to run two separate workflows from this mailbox, one for phishing and one for onboarding.
What will allow Cortex XSOAR to accomplish this in the most efficient way?
a. Use machine learning (ML) to determine incident type
b. Create two instances of the email integration and classify one instance as ingesting incidents of type phishing and the other as ingesting incidents of type onboarding
c. Use an incident classifier based on a field in each type of email to classify those containing “Phish Alert” in the subject as phishing and those containing “Onboard Request” as onboarding
d. Create a playbook to process and determine incident type based on content of the email
The Cortex XDR management service requires which other Palo Alto Networks product?
a. Cortex Data Lake
b. Directory Sync
c. Panorama
d. Cortex XSOAR
Which integration allows data to be pushed from Cortex XSOAR into Splunk?
a. SplunkUpdate integration
b. Demisto App for Splunk integration
c. SplunkPY integration
d. ArcSight ESM integration
Which statement applies to a Cortex XSOAR engine that is part of a load-balancing group?
a. It does not appear in the engine drop-down menu when configuring an integration instance
b. It must be in a load-balancing group with at least three additional members
c. It can be used separately as an engine only if directly connected to the XSOAR server
d. It must have port 443 open to allow the XSOAR server to establish a connection
A customer agrees to do a 30-day proof of concept (POC) and wants to integrate with a product with which Cortex XSOAR is not currently integrated.
What is the appropriate response to the customer?
a. Extend the POC window to allow the solution architects to build it
b. Explain that custom integrations are not included in the POC
c. Explain that it can be built by Professional Services, but it will take an additional 30 days
d. Agree to build the integration as part of the POC
Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two)
a. Internet Protocol (IP)
b. Endpoint hostname
c. Registry entry
d. Domain
A Cortex XDR Pro administrator is alerted to a suspicious process creation security event from multiple users who believe these events are false positives.
Which two steps should be taken to confirm the false positives and create an exception? (Choose two)
a. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
b. Contact support and ask for a security exception
c. Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist
d. Within the Malware Security profile, disable the Prevent Malicious Child Process Execution module