PSE-CORTEX Exam Questions

What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?

What integration allows searching and displaying Splunk results within Cortex XSOAR?

How can Cortex XSOAR save time when a phishing incident occurs?

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

What is the result of creating an exception from an exploit security event?

What is the retention requirement for Cortex Data Lake sizing?

The certificate used for decryption was installed as a trusted toot CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What acti...

Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

When analyzing logs for indicators, which are used for only BIOC identification'?

What does the Cortex XSOAR "Saved by Dbot" widget calculate?

Which type of log is ingested natively in Cortex XDR Pro per TB?

An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network. Which Cortex XDR Analytics ale...

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command- and-control (C2) traffic. What is the best method to block this IP from communicating wit...

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the use...

Which two actions are required to add indicators to the whitelist? (Choose two.)

Which playbook feature allows concurrent execution of tasks?

Which two Cortex XSOAR incident type features can be customized under Settings > Advanced > Incident Types? (Choose two.)

What are two reasons incident investigation is needed in Cortex XDR? (Choose two.)

Which two statements apply to widgets? (Choose two.)

Which source provides data for Cortex XDR?

Which two manual actions are allowed on War Room entries? (Choose two.)

Which statement applies to a Cortex XSOAR engine that is part of a load-balancing group?

Which attack method is a result of techniques designed to gain access through vulnerabilities in the code of an operating system (OS) or application?

What are two capabilities of a War Room? (Choose two.)

On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?

What is used to display only file entries in a War Room?

Which two areas of Cortex XDR are used for threat hunting activities? (Choose two.)

Where can all the relevant incidents for an indicator be viewed?

Which statement applies to the malware protection flow in Cortex XDR Prevent?

When initiated, which Cortex XDR capability allows immediate termination of the process or whole process tree on an anomalous process discovered during investigation of a security...

What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?

What is a benefit offered by Cortex XSOAR?

Which action allows Cortex XSOAR to access Docker in an air-gapped environment where the Docker page was manually installed after the Cortex XSOAR installation?

The Cortex XDR management service requires which other Palo Alto Networks product?

Which command-line interface (CLI) query would retrieve the last three Splunk events?

Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?

Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?

A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site. What communications are required between...

Why is reputation scoring important in the Threat Intelligence Module of Cortex XSOAR?

Where is the output of the task visible when a playbook task errors out?

Which command is used to add Cortex XSOAR "User1" to an investigation from the War Room command-line interface (CLI)?

A Cortex XSOAR customer wants to send a survey to users asking them to input their manager's email for a training use case so the manager can receive status reports on the employee...

Which playbook functionality allows grouping of tasks to create functional building blocks?

Cortex XDR external data ingestion processes ingest data from which sources?

A customer agrees to do a 30-day proof of concept (POC) and wants to integrate with a product with which Cortex XSOAR is not currently integrated. What is the appropriate response...

Which two entities can be created as a behavioral indicator of compromise (BIOC)? (Choose two.)