A fully updated 2021 PSE-Cortex Exam Dumps exam guide from training expert TestSimulate [Q11-Q29]

Provides complete coverage of every objective on the exam, for PSE-Cortex exam preparation.

NEW QUESTION 11
Which two entities can be created as a BIOC? (Choose two.)

  • A. file
  • B. alert log
  • C. registry
  • D. event log

Answer: A,C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

 

NEW QUESTION 12
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

  • A. The dictionary was defined incorrectly in the second script.
  • B. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
  • C. The modified script was run in the wrong Docker image
  • D. The modified script required a different parameter to run successfully.

Answer: C

 

NEW QUESTION 13
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. hostname
  • B. OS
  • C. presence of Flash executable
  • D. domain/workgroup membership
  • E. alert root cause

Answer: C,D,E

 

NEW QUESTION 14
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

  • A. Device Control
  • B. Device Customization
  • C. Agent Configuration
  • D. Agent Management

Answer: A

Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

 

NEW QUESTION 15
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Prevent
  • B. Cortex XDR Endpoint
  • C. Cortex XDR Pro Per Endpoint
  • D. Cortex XDR Pro per TB

Answer: C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/migrate-your-cortex-xdr-license

 

NEW QUESTION 16
Which CLI query would bring back Notable Events from Splunk?
A)

B)

C)

D)

  • A. Option A
  • B. Option D
  • C. Option B
  • D. Option C

Answer: B

 

NEW QUESTION 17
How can you view all the relevant incidents for an indicator?

  • A. Linked Indicators column in Incident Screen
  • B. Related Incidents column in Indicator Screen
  • C. Related Indicators column in Incident Screen
  • D. Linked Incidents column in Indicator Screen

Answer: A

 

NEW QUESTION 18
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

  • A. Add new fields to an incident type
  • B. Define whether a playbook runs automatically when an incident type is encountered
  • C. Drop new incidents of the same type that contain similar information
  • D. Set reminders for an incident SLA
  • E. Define the way that incidents of a specific type are displayed in the system

Answer: B,D,E

 

NEW QUESTION 19
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. reinstall the root CA certificate
  • B. enable SSL decryption
  • C. add paloaltonetworks.com to the SSL Decryption Exclusion list
  • D. disable SSL decryption

Answer: D

 

NEW QUESTION 20
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types?
(Choose three.)

  • A. Add new fields to an incident type
  • B. Set reminders for an incident SLA
  • C. Define whether a playbook runs automatically when an incident type is encountered
  • D. Define the way that incidents of a specific type are displayed in the system
  • E. Drop new incidents of the same type that contain similar information

Answer: C,D,E

 

NEW QUESTION 21
When a Demisto Engine is part of a Load-Balancing group, it:

  • A. It must have port 443 open to allow the Demisto Server to establish a connection
  • B. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance
  • C. Must be in a Load-Balancing group with at least another 3 members
  • D. Can be used separately as an engine, only if connected to the Demisto Server directly

Answer: B

 

NEW QUESTION 22
How can you view all the relevant incidents for an indicator?

  • A. Related Indicators column in Incident Screen
  • B. Linked Indicators column in Incident Screen
  • C. Related Incidents column in Indicator Screen
  • D. Linked Incidents column in Indicator Screen

Answer: C

 

NEW QUESTION 23
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. hostname
  • B. OS
  • C. quarantine status
  • D. attack threat intelligence tag
  • E. Domain/workgroup membership

Answer: A,B,E

 

NEW QUESTION 24
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. enable SSL decryption
  • B. disable SSL decryption
  • C. add paloaltonetworks.com to the SSL Decryption Exclusion list
  • D. reinstall the root CA certificate

Answer: D

 

NEW QUESTION 25
Which four types of Traps logs are stored within Cortex Data Lake?

  • A. Threat, Config, Authentication, Analytic
  • B. Threat, Config, System, Data
  • C. Threat, Config, System, Analytic
  • D. Threat, Monitor, System, Analytic

Answer: C

 

NEW QUESTION 26
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

 

NEW QUESTION 27
Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?

  • A. DEB
  • B. RPM
  • C. SH
  • D. ZIP

Answer: D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/engines/install-deploy-and-configure-demisto-engines/create-a-new-engine.html

 

NEW QUESTION 28
An Administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)

  • A. Contact support and ask for a security exception.
  • B. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
  • C. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module
  • D. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments

Answer: A

 

NEW QUESTION 29
......
