PSE-CORTEX Exam Questions
169 real PSE-CORTEX exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
Which option is required to prepare the VDI Golden Image?
- Question #2
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems an...
- Question #3
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block...
- Question #4
Which four types of Traps logs are stored within Cortex Data Lake?
- Question #5
During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation-Step 2 of 2 window. During the service instance provisio...
- Question #6
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- Question #7
An Administrator is alerted to a Suspicious Process Creation security event from multiple users. The users believe that these events are false positives. Which two steps should the...
- Question #8
Which Cortex XDR capability extends investigations to an endpoint?
- Question #9
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- Question #10
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake. Where would the user configure the ratio of storage for each log type?
- Question #11
An adversary is attempting to communicate with malware running on your network for the purpose of controlling malware activities or for exfiltrating data from your network. Which...
- Question #12
What are process exceptions used for?
- Question #13
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance. What size is this free Cor...
- Question #14
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?
- Question #15
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?
- Question #16
An EDR project was initiated by a CISO. Which resource will likely have the most heavy influence on the project?
- Question #17
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
- Question #18
Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)
- Question #19
Which two filter operators are available in Cortex XDR? (Choose two.)
- Question #20
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan? (Choose two.)
- Question #22
Which two filter operators are available in Cortex XDR? (Choose two.)
- Question #23
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit. What is the safest way to do it...
- Question #24
Which two entities can be created as a BIOC? (Choose two.)
- Question #25
What is the difference between an exception and an exclusion?
- Question #26
Which step is required to prepare the VDI Golden Image?
- Question #27
When a Demisto Engine is part of a Load-Balancing group it?
- Question #28
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?
- Question #29
What are two manual actions allowed on War Room entries? (Choose two.)
- Question #31
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)
- Question #32
How many use cases should a POC success criteria document include?
- Question #33
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?
- Question #34
How does an "inline" auto-extract task affect playbook execution?
- Question #35
Which two formats are supported by Whitelist? (Choose two.)
- Question #36
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case s...
- Question #37
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What actio...
- Question #38
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two.)
- Question #39
If you have a playbook task that errors out, where could you see the output of the task?
- Question #40
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second...
- Question #41
How do sub-playbooks affect the Incident Context Data?
- Question #42
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
- Question #43
Which option describes a Load-Balancing Engine Group?
- Question #44
Which task allows the playbook to follow different paths based on specific conditions?
- Question #45
Given the integration configuration and error in the screenshot what is the cause of the problem?
- Question #46
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- Question #47
How can you view all the relevant incidents for an indicator?
- Question #48
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?
- Question #49
What does DBot use to score an indicator that has multiple reputation scores?
- Question #50
In an Air-Gapped environment where the Docker package was manually installed after the Cortex XSOAR installation which action allows Cortex XSOAR to access Docker?
- Question #51
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem? Which two playbook functionalities allow...
- Question #52
A Cortex XSOAR customer wants to ingest from a single mailbox. The mailbox brings in reported phishing emails and email requests from human resources (HR) to onboard new users. The...