Free PSE-Cortex Sample Questions — Palo Alto Networks System Engineer Professional - Cortex

Free PSE-Cortex sample questions for the Palo Alto Networks System Engineer Professional - Cortex exam. No account required: study at your own pace.

Question 1

In addition to migration and go-live, what are two best-practice steps for migrating from SIEM to Cortex XSIAM? (Choose two.)

  • A. Execution
  • B. Certification
  • C. Conclusion
  • D. Testing
Correct Answer:
  • C. Conclusion
  • D. Testing

Question 2

Which integration allows data to be pushed from Cortex XSOAR into Splunk?

  • A. ArcSight ESM integration
  • B. SplunkUpdate integration
  • C. Demisto App for Splunk integration
  • D. SplunkPY integration
Correct Answer:
D. SplunkPY integration

Question 3

What are two capabilities of a War Room? (Choose two.)

  • A. create widgets for an investigation
  • B. create playbooks for orchestration
  • C. act as an audit trail for an investigation
  • D. run ad-hoc automation commands
Correct Answer:
  • C. act as an audit trail for an investigation
  • D. run ad-hoc automation commands

Question 4

Which type of log is ingested natively in Cortex XDR Pro per TB?

  • A. Google Kubernetes Engine
  • B. Demisto
  • C. Docker
  • D. Microsoft Office 365
Correct Answer:
D. Microsoft Office 365

Question 5

Which service helps uncover attackers wherever they hide by combining world-class threat hunters with Cortex XDR technology that runs on integrated endpoint, network, and cloud data sources?

  • A. Cloud Identity Engine (CIE)
  • B. Managed Threat Hunting (MTH)
  • C. virtual desktop infrastructure (VDI)
  • D. Threat Intelligence Platform (TIP)
Correct Answer:
B. Managed Threat Hunting (MTH)

Question 6

A customer has 2700 endpoints. There is currently concern about recent attacks in their industry and threat intelligence from a third-party subscription. In an attempt to be proactive, phishing simulations have been prioritized, but the customer wants to gain more visibility and remediation capabilities specific to their network traffic. Which Cortex product provides these capabilities?

  • A. XDR Pro Per Endpoint
  • B. XDR Pro Per GB
  • C. XDR Forensics Module
  • D. XDR Phishing Response Playbook
Correct Answer:
B. XDR Pro Per GB

Question 7

Which statement applies to the malware protection flow of the endpoint agent in Cortex XSIAM?

  • A. A file from an allowed signer is exempt from local analysis
  • B. Local analysis always happens before a WildFire verdict check
  • C. Hash comparisons come after local static analysis
  • D. The block list is verified in the final step
Correct Answer:
A. A file from an allowed signer is exempt from local analysis

Question 8

A customer has purchased Cortex Data Lake storage with the following configuration, which requires 2 TB of Cortex Data Lake to order:

  • support for 300 total Cortex XDR clients all forwarding Cortex XDR data with 30-day retention
  • storage for higher fidelity logs to support Cortex XDR advanced analytics

The customer now needs 1000 total Cortex XDR clients, but continues with 300 clients forwarding Cortex XDR data with 30-day retention. What is the new total storage requirement for Cortex Data Lake storage to order?

  • A. 16 TB
  • B. 4 TB
  • C. 8 TB
  • D. 2 TB
Correct Answer:
D. 2 TB

Question 9

What is the function of reputation scoring in the Threat Intelligence Module of Cortex XSIAM?

  • A. It provides a statistical model for combining scores from multiple vendors
  • B. It resolves conflicting scores from different vendors with the same indicator
  • C. It allows for comparison between open-source intelligence and paid services
  • D. It helps identify threat feed vendors with invalid content
Correct Answer:
A. It provides a statistical model for combining scores from multiple vendors

Question 10

Which two statements apply to widgets? (Choose two.)

  • A. All widgets are customizable
  • B. Dashboards cannot be shared across an organization
  • C. A widget can have its own time range that is different from the rest of the dashboard
  • D. Some widgets cannot be changed
Correct Answer:
  • A. All widgets are customizable
  • C. A widget can have its own time range that is different from the rest of the dashboard

Question 11

What is the result of creating an exception from an exploit security event?

  • A. Administrators are exempt from generating alerts for 24 hours
  • B. Process from WildFire analysis is whitelisted
  • C. Triggered exploit protection module (EPM) for the host and process involved is disabled
  • D. User is exempt from generating events for 24 hours
Correct Answer:
C. Triggered exploit protection module (EPM) for the host and process involved is disabled

Question 12

Which Cortex XDR license is required for a customer that requests endpoint detection and response (EDR) data collection capabilities?

  • A. Cortex XDR Pro per TB
  • B. Cortex XDR Endpoint
  • C. Cortex XDR Prevent
  • D. Cortex XDR Pro Per Endpoint
Correct Answer:
D. Cortex XDR Pro Per Endpoint

Question 13

How do sub-playbooks affect the Incident Context Data?

  • A. When set to private, task outputs do not automatically get written to the root context
  • B. When set to global, sub-playbook tasks do not have access to the root context
  • C. When set to global, parallel task execution is allowed
  • D. When set to private, task outputs are automatically written to the root context
Correct Answer:
A. When set to private, task outputs do not automatically get written to the root context

Question 14

Which step is required to prepare the virtual desktop infrastructure (VDI) golden image?

  • A. Run the VDI conversion tool
  • B. Ensure the latest content updates are installed
  • C. Review any portable executable (PE) files WildFire determined to be malicious
  • D. Set the memory dumps to manual setting
Correct Answer:
C. Review any portable executable (PE) files WildFire determined to be malicious

Question 15

A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site. What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?

  • A. The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site
  • B. All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy
  • C. Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site
  • D. The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site
Correct Answer:
D. The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site

Question 16

On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?

  • A. /var/log/demisto/acc_Tenant1/server.log
  • B. /var/log/demisto/Tenant1/server.log
  • C. /var/lib/demisto/acc_Tenant1/server.log
  • D. /var/lib/demisto/server.log
Correct Answer:
A. /var/log/demisto/acc_Tenant1/server.log

Question 17

Which playbook feature allows concurrent execution of tasks?

  • A. parallel tasks
  • B. automation tasks
  • C. manual tasks
  • D. conditional tasks
Correct Answer:
A. parallel tasks

Question 18

Which command-line interface (CLI) query would retrieve the last three Splunk events?

  • A. !search using=splunk_instance_1 query="* | last 3"
  • B. !search using=splunk_instance_1 query="* | 3"
  • C. !query using=splunk_instance_1 query="* | last 3"
  • D. !search using=splunk_instance_1 query="* | head 3"
Correct Answer:
A. !search using=splunk_instance_1 query="* | last 3"

Question 19

Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

  • A. firewall alert
  • B. security and information event management (SIEM) alert
  • C. registry set value
  • D. full uniform resource locator (URL)
Correct Answer:
  • A. firewall alert
  • C. registry set value

Question 20

How can Cortex XSOAR save time when a phishing incident occurs?

  • A. It can automatically email staff to warn them about the phishing attack and show them a copy of the email
  • B. It can automatically respond to the phishing email to unsubscribe from future emails
  • C. It can automatically purge the email from user mailboxes in which it has not yet been opened
  • D. It can automatically identify every mailbox that received the phish and create corresponding cases for them
Correct Answer:
D. It can automatically identify every mailbox that received the phish and create corresponding cases for them
