
Palo Alto Networks PSE-Cortex Cert Guide PDF 100% Cover Real Exam Questions [Q17-Q33]


NEW QUESTION 17
Which four types of Traps logs are stored within Cortex Data Lake?

  • A. Threat, Config, Authentication, Analytic
  • B. Threat, Config, System, Analytic
  • C. Threat, Config, System, Data
  • D. Threat, Monitor, System, Analytic

Answer: C

 

NEW QUESTION 18
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Automation
  • B. Parallel
  • C. Manual
  • D. Conditional

Answer: D

 

NEW QUESTION 19
Which step is required to prepare the VDI Golden Image?

  • A. Set the memory dumps to manual setting
  • B. Review any PE files that WildFire determined to be malicious
  • C. Run the VDI conversion tool
  • D. Ensure the latest content updates are installed

Answer: A

 

NEW QUESTION 20
What are two manual actions allowed on War Room entries? (Choose two.)

  • A. Mark as scheduled entry
  • B. Mark as note
  • C. Mark as artifact
  • D. Mark as evidence

Answer: C

 

NEW QUESTION 21
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)

  • A. registry entry
  • B. IP
  • C. domain
  • D. endpoint hostname

Answer: A,D

 

NEW QUESTION 22
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

  • A. !invite Bob
  • B. #Bob
  • C. @Bob
  • D. /invite Bob

Answer: B

 

NEW QUESTION 23
What is the retention requirement for Cortex Data Lake sizing?

  • A. number of endpoints
  • B. number of VM-Series NGFW
  • C. number of days
  • D. logs per second

Answer: C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota

 

NEW QUESTION 24
What are process exceptions used for?

  • A. change the WildFire verdict for a given executable
  • B. whitelist programs from WildFire analysis
  • C. disable an EPM for a particular process
  • D. permit processes to load specific DLLs

Answer: B

 

NEW QUESTION 25
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?

  • A. either
  • B. ServiceNow
  • C. neither
  • D. phishing

Answer: D

 

NEW QUESTION 26
How do sub-playbooks affect the Incident Context Data?

  • A. When set to private, task outputs automatically get written to the root context
  • B. When set to private, task outputs do not automatically get written to the root context
  • C. When set to global, allows parallel task execution.
  • D. When set to global, sub-playbook tasks do not have access to the root context

Answer: B

 

NEW QUESTION 27
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?

  • A. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
  • B. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console
  • C. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console
  • D. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

Answer: A

 

NEW QUESTION 28
An EDR project was initiated by a CISO. Which resource will likely have the heaviest influence on the project?

  • A. SOC manager
  • B. desktop engineer
  • C. operations manager
  • D. SOC analyst IT

Answer: A

 

NEW QUESTION 29
Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

  • A. full URL
  • B. firewall alert
  • C. SIEM alert
  • D. registry set value

Answer: A,B

 

NEW QUESTION 30
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Pro Per Endpoint
  • B. Cortex XDR Pro per TB
  • C. Cortex XDR Prevent
  • D. Cortex XDR Endpoint

Answer: D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen

 

NEW QUESTION 31
A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript). The description and current configuration of the exploit are as follows:

What is the remaining configuration?
A)

B)

C)

D)

  • A. Option A
  • B. Option C
  • C. Option B
  • D. Option D

Answer: D

 

NEW QUESTION 32
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two.)

  • A. Correlation
  • B. Security Event
  • C. Analytics
  • D. HIP

Answer: B,C

 

NEW QUESTION 33
......
