Get ready to pass the PSE-Cortex Exam right now using our Palo Alto Networks Certification Exam Package [Q11-Q36]


A fully updated 2021 PSE-Cortex Exam Dumps exam guide from training expert Prep4sures

NEW QUESTION 11
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as evidence
  • B. Mark as artifact
  • C. Mark as note
  • D. Mark as scheduled entry

Answer: B

 

NEW QUESTION 12
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?

  • A. 100 GB
  • B. 10 TB
  • C. 10 GB
  • D. 1 TB

Answer: A

 

NEW QUESTION 13
Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

  • A. Playbook Tasks
  • B. Sub-Playbooks
  • C. Generic Polling Automation Playbook
  • D. Playbook Functions

Answer: B,C

 

NEW QUESTION 14
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected, and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:

What is the remaining configuration?
A)

B)

C)

D)

  • A. Option D
  • B. Option B
  • C. Option A
  • D. Option C

Answer: A

 

NEW QUESTION 15
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

  • A. SIEM alert
  • B. firewall alert
  • C. full URL
  • D. registry set value

Answer: B,C

 

NEW QUESTION 16
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

  • A. Drop new incidents of the same type that contain similar information
  • B. Add new fields to an incident type
  • C. Define the way that incidents of a specific type are displayed in the system
  • D. Set reminders for an incident SLA
  • E. Define whether a playbook runs automatically when an incident type is encountered

Answer: A,C,E

 

NEW QUESTION 17
How do sub-playbooks affect the Incident Context Data?

  • A. When set to global, allows parallel task execution.
  • B. When set to private, task outputs automatically get written to the root context
  • C. When set to global, sub-playbook tasks do not have access to the root context
  • D. When set to private, task outputs do not automatically get written to the root context

Answer: C

 

NEW QUESTION 18
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. quarantine status
  • B. attack threat intelligence tag
  • C. hostname
  • D. Domain/workgroup membership
  • E. OS

Answer: C,D,E

 

NEW QUESTION 19
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?

  • A. DEB
  • B. SH
  • C. ZIP
  • D. RPM

Answer: C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-configure-demisto-engines/create-a-new-engine.html

 

NEW QUESTION 20
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?

  • A. endpoint manager
  • B. SOC manager
  • C. SOC analyst
  • D. desktop engineer

Answer: C

 

NEW QUESTION 21
Which two formats are supported by Whitelist? (Choose two)

  • A. CSV
  • B. CIDR
  • C. STIX
  • D. Regex

Answer: A,B

 

NEW QUESTION 22
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Endpoint
  • B. Cortex XDR Pro per TB
  • C. Cortex XDR Prevent
  • D. Cortex XDR Pro Per Endpoint

Answer: A

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen

 

NEW QUESTION 23
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

  • A. The causality group owner
  • B. the adversary's remote process
  • C. the chain's alert initiator
  • D. the relevant shell

Answer: A

 

NEW QUESTION 24
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)

  • A. domain
  • B. registry entry
  • C. endpoint hostname
  • D. IP

Answer: B,C

 

NEW QUESTION 25
When a Demisto Engine is part of a Load-Balancing group, it:

  • A. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance
  • B. Can be used separately as an engine, only if connected to the Demisto Server directly
  • C. It must have port 443 open to allow the Demisto Server to establish a connection
  • D. Must be in a Load-Balancing group with at least another 3 members

Answer: A

 

NEW QUESTION 26
When analyzing logs for indicators, which are used only for BIOC identification?

  • A. error messages
  • B. techniques
  • C. artifacts
  • D. observed activity

Answer: D

 

NEW QUESTION 27
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?

  • A. DEB
  • B. SH
  • C. ZIP
  • D. RPM

Answer: C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-config

 

NEW QUESTION 28
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)

  • A. domain
  • B. IP
  • C. endpoint hostname
  • D. registry entry

Answer: A,B

 

NEW QUESTION 29
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?

  • A. Within the TMS, create an agent settings profile and modify the Disk Quota value
  • B. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
  • C. It is not possible to configure Cortex Data Lake quota for specific log types.
  • D. Write a GPO for each endpoint agent to check in less often

Answer: B

 

NEW QUESTION 30
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

  • A. Brand
  • B. Type
  • C. Vendor
  • D. Using

Answer: C

 

NEW QUESTION 31
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

  • A. registry set value
  • B. SIEM alert
  • C. firewall alert
  • D. full URL

Answer: A,C

 

NEW QUESTION 32
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

 

NEW QUESTION 33
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

  • A. Tell them we can build it with Professional Services.
  • B. Agree to build the integration as part of the POC
  • C. Extend the POC window to allow the solution architects to build it
  • D. Tell them custom integrations are not created as part of the POC

Answer: D

 

NEW QUESTION 34
How many use cases should a POC success criteria document include?

  • A. only 1
  • B. 3 or more
  • C. no more than 5
  • D. no more than 2

Answer: A

 

NEW QUESTION 35
Given the integration configuration and error in the screenshot, what is the cause of the problem?

  • A. incorrect Username and Password
  • B. incorrect server URL
  • C. incorrect instance name
  • D. incorrect appliance port

Answer: A

 

NEW QUESTION 36
......
