Buy Latest Dec 18, 2021 PSE-Cortex Exam Q&A PDF - One Year Free Update
NEW QUESTION 10
What are two manual actions allowed on War Room entries? (Choose two.)
- A. Mark as artifact
- B. Mark as note
- C. Mark as scheduled entry
- D. Mark as evidence
Answer: B,D
NEW QUESTION 11
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)
- A. Drop new incidents of the same type that contain similar information
- B. Add new fields to an incident type
- C. Define the way that incidents of a specific type are displayed in the system
- D. Set reminders for an incident SLA
- E. Define whether a playbook runs automatically when an incident type is encountered
Answer: A,C,E
NEW QUESTION 12
Which task allows the playbook to follow different paths based on specific conditions?
- A. Parallel
- B. Conditional
- C. Manual
- D. Automation
Answer: C
NEW QUESTION 13
Which two filter operators are available in Cortex XDR? (Choose two.)
- A. =
- B. Is Contained By
- C. Contains
- D. < >
Answer: A,C
NEW QUESTION 14
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?
- A. phishing
- B. either
- C. neither
- D. ServiceNow
Answer: A
NEW QUESTION 15
Which four types of Traps logs are stored within Cortex Data Lake?
- A. Threat, Config, Authentication, Analytic
- B. Threat, Config, System, Analytic
- C. Threat, Config, System, Data
- D. Threat, Monitor, System, Analytic
Answer: B
NEW QUESTION 16
Which option is required to prepare the VDI Golden Image?
- A. Install the Cortex XDR Agent on the local machine
- B. Use the Cortex XDR VDI tool to obtain verdicts for all PE files
- C. Configure the Golden Image as a persistent VDI
- D. Run the Cortex VDI conversion tool
Answer: D
NEW QUESTION 17
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
- A. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
- B. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
- C. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
- D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office, and monitor the Events tab on the Cortex XDR console.
Answer: B
NEW QUESTION 18
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:
What is the remaining configuration?
A)
B)
C)
D)
- A. Option D
- B. Option B
- C. Option A
- D. Option C
Answer: A
NEW QUESTION 19
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
- A. Tell them we can build it with Professional Services.
- B. Agree to build the integration as part of the POC
- C. Extend the POC window to allow the solution architects to build it
- D. Tell them custom integrations are not created as part of the POC
Answer: D
NEW QUESTION 20
Which task allows the playbook to follow different paths based on specific conditions?
- A. Conditional
- B. Parallel
- C. Manual
- D. Automation
Answer: A
NEW QUESTION 21
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
- A. domain/workgroup membership
- B. OS
- C. presence of Flash executable
- D. hostname
- E. alert root cause
Answer: A,C,E
NEW QUESTION 22
If you have a playbook task that errors out, where could you see the output of the task?
- A. War Room of the incident
- B. /var/log/messages
- C. Demisto Audit log
- D. Playbook Editor
Answer: A
NEW QUESTION 23
When analyzing logs for indicators, which are used only for BIOC identification?
- A. error messages
- B. observed activity
- C. artifacts
- D. techniques
Answer: D
NEW QUESTION 24
Which option describes a Load-Balancing Engine Group?
- A. A group of engines that use an algorithm to efficiently share the workload for automation scripts
- B. A group of engines that ensure High Availability of Demisto backend databases.
- C. A group of engines that use an algorithm to efficiently share the workload for integrations
- D. A group of D2 agents that share processing power across multiple endpoints
Answer: A
NEW QUESTION 25
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. /invite Bob
- B. !invite Bob
- C. #Bob
- D. @Bob
Answer: C
NEW QUESTION 26
......