Palo Alto Networks PSE Cortex Palo Alto Networks System Engineer – Cortex Professional Online Training
The questions for PSE Cortex were last updated on Oct 28, 2024.
- Exam Code: PSE Cortex
- Exam Name: Palo Alto Networks System Engineer - Cortex Professional
- Certification Provider: Palo Alto Networks
- Latest update: Oct 28, 2024
What is a benefit of user entity behavior analytics (UEBA) over security information and event management (SIEM)?
a. UEBA can add trusted signers of Windows or Mac processes to a whitelist in the Endpoint Security Manager (ESM) Console
b. UEBA establishes a secure connection in which endpoints can be routed, and it collects and forwards logs and files for analysis
c. SIEMs have difficulty detecting unknown or advanced security threats that do not involve malware, such as credential theft
d. SIEMs support only agentless scanning, not agent-based workload protection across VMs, containers, and Kubernetes
Which statement applies to a Cortex XSOAR engine that is part of a load-balancing group?
a. It does not appear in the engine drop-down menu when configuring an integration instance
b. It must be in a load-balancing group with at least three additional members
c. It can be used separately as an engine only if directly connected to the XSOAR server
d. It must have port 443 open to allow the XSOAR server to establish a connection
Which step is required to prepare the virtual desktop infrastructure (VDI) golden image?
a. Run the VDI conversion tool
b. Ensure the latest content updates are installed
c. Set the memory dumps to manual setting
d. Review any portable executable (PE) files WildFire determined to be malicious
Which integration allows data to be pushed from Cortex XSOAR into Splunk?
a. SplunkUpdate integration
b. Demisto App for Splunk integration
c. SplunkPY integration
d. ArcSight ESM integration
A Cortex XDR Pro administrator is alerted to a suspicious process creation security event from multiple users who believe these events are false positives.
Which two steps should be taken to confirm the false positives and create an exception? (Choose two)
a. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
b. Contact support and ask for a security exception
c. Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist
d. Within the Malware Security profile, disable the Prevent Malicious Child Process Execution module
The Cortex XDR management service requires which other Palo Alto Networks product?
a. Cortex Data Lake
b. Directory Sync
c. Panorama
d. Cortex XSOAR
Which Cortex XDR agent capability prevents loading malicious files from USB-connected removable equipment?
a. Device control
b. Agent management
c. Agent configuration
d. Device customization
Which task setting allows context output to a specific key?
a. Extend context
b. Task output
c. Stop on errors
d. Tags
Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two)
a. WildFire hash comparison
b. Signature comparison
c. Dynamic analysis
d. Heuristic analysis
What are two capabilities of a War Room? (Choose two)
a. Run ad-hoc automation commands
b. Create widgets for an investigation
c. Act as an audit trail for an investigation
d. Create playbooks for orchestration