Valid PSE-Cortex Exam Q&A PDF PSE-Cortex Dump is Ready (Updated 60 Questions)
Exam Questions and Answers for PSE-Cortex Study Guide
NEW QUESTION 14
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)
- A. Incident Summary
- B. "Close" Incident Form
- C. Incident Quick View
- D. "New"/"Edit" Incident Form
Answer: A,C
NEW QUESTION 15
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)
- A. Analytics
- B. Correlation
- C. Security Event
- D. HIP
Answer: A,C
NEW QUESTION 16
How many use cases should a POC success criteria document include?
- A. only 1
- B. 3 or more
- C. no more than 5
- D. no more than 2
Answer: A
NEW QUESTION 17
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them. How should an administrator perform this evaluation?
- A. Run a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.
- B. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.
- C. Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them. Execute with an exploitation tool.
- D. Run word processing exploits in the latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.
Answer: A
NEW QUESTION 18
If you have a playbook task that errors out, where could you see the output of the task?
- A. War Room of the incident
- B. /var/log/messages
- C. Demisto Audit log
- D. Playbook Editor
Answer: A
NEW QUESTION 19
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)
- A. Endpoint > Endpoint Management
- B. the local console
- C. Response > Action Center
- D. Telnet
Answer: C,D
NEW QUESTION 20
What are two manual actions allowed on War Room entries? (Choose two.)
- A. Mark as evidence
- B. Mark as artifact
- C. Mark as note
- D. Mark as scheduled entry
Answer: B
NEW QUESTION 21
What are process exceptions used for?
- A. whitelist programs from WildFire analysis
- B. permit processes to load specific DLLs
- C. change the WildFire verdict for a given executable
- D. disable an EPM for a particular process
Answer: D
NEW QUESTION 22
Rearrange the steps into the correct order for modifying an incident layout.
Answer:
Explanation:

NEW QUESTION 23
How does DBot score an indicator that has multiple reputation scores?
- A. uses the most severe score
- B. the reputation as undefined
- C. uses the average score
- D. uses the least severe score
Answer: A
NEW QUESTION 24
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
- A. Device Customization
- B. Device Control
- C. Agent Management
- D. Agent Configuration
Answer: B
Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231
NEW QUESTION 25
What is the result of creating an exception from an exploit security event?
- A. disables the triggered EPM for the host and process involved
- B. whitelists the process from WildFire analysis
- C. exempts the user from generating events for 24 hours
- D. exempts administrators from generating alerts for 24 hours
Answer: A
NEW QUESTION 26
Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)
- A. domain
- B. registry entry
- C. endpoint hostname
- D. IP
Answer: B,C
NEW QUESTION 27
How can you view all the relevant incidents for an indicator?
- A. Related Incidents column in Indicator Screen
- B. Linked Indicators column in Incident Screen
- C. Linked Incidents column in Indicator Screen
- D. Related Indicators column in Incident Screen
Answer: A
NEW QUESTION 28
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
- A. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
- B. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
- C. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
- D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office, and monitor the Events tab on the Cortex XDR console.
Answer: B