[Apr-2022] Updated Palo Alto Networks Certification PSE-Cortex Exam Questions BUNDLE PACK [Q10-Q31]


NEW QUESTION 10
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Manual
  • B. Parallel
  • C. Conditional
  • D. Automation

Answer: C

 

NEW QUESTION 11
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

  • A. Cortex XSOAR TA App for Splunk
  • B. splunk-get-alerts integration command
  • C. SplunkGO integration
  • D. SplunkSearch automation

Answer: A

 

NEW QUESTION 12
How can you view all the relevant incidents for an indicator?

  • A. Linked Incidents column in Indicator Screen
  • B. Related Incidents column in Indicator Screen
  • C. Related Indicators column in Incident Screen
  • D. Linked Indicators column in Incident Screen

Answer: D

 

NEW QUESTION 13
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

  • A. The modified script required a different parameter to run successfully.
  • B. The dictionary was defined incorrectly in the second script.
  • C. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
  • D. The modified script was run in the wrong Docker image.

Answer: D

 

NEW QUESTION 14
Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

  • A. the adversary's remote process
  • B. The causality group owner
  • C. the chain's alert initiator
  • D. the relevant shell

Answer: B

 

NEW QUESTION 15
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. Domain/workgroup membership
  • B. quarantine status
  • C. hostname
  • D. attack threat intelligence tag
  • E. OS

Answer: B,C,E

 

NEW QUESTION 16
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

  • A. Analytics
  • B. Security Event
  • C. Correlation
  • D. HIP

Answer: B,D

 

NEW QUESTION 17
How do sub-playbooks affect the Incident Context Data?

  • A. When set to global, sub-playbook tasks do not have access to the root context
  • B. When set to global, allows parallel task execution.
  • C. When set to private, task outputs automatically get written to the root context
  • D. When set to private, task outputs do not automatically get written to the root context

Answer: D

 

NEW QUESTION 18
An Administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)

  • A. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
  • B. Contact support and ask for a security exception.
  • C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
  • D. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module

Answer: A,C

 

NEW QUESTION 19
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?

  • A. either
  • B. ServiceNow
  • C. neither
  • D. phishing

Answer: D

 

NEW QUESTION 20
Which two formats are supported by Whitelist? (Choose two)

  • A. CSV
  • B. STIX
  • C. Regex
  • D. CIDR

Answer: C,D

 

NEW QUESTION 21
Which option is required to prepare the VDI Golden Image?

  • A. Configure the Golden Image as a persistent VDI
  • B. Run the Cortex VDI conversion tool
  • C. Install the Cortex XDR Agent on the local machine
  • D. Use the Cortex XDR VDI tool to obtain verdicts for all PE files

Answer: D

 

NEW QUESTION 22
What is the retention requirement for Cortex Data Lake sizing?

  • A. number of endpoints
  • B. number of VM-Series NGFW
  • C. logs per second
  • D. number of days

Answer: D

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota

 

NEW QUESTION 23
What are process exceptions used for?

  • A. whitelist programs from WildFire analysis
  • B. change the WildFire verdict for a given executable
  • C. permit processes to load specific DLLs
  • D. disable an EPM for a particular process

Answer: D

 

NEW QUESTION 24
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

  • A. Agent Configuration
  • B. Device Customization
  • C. Device Control
  • D. Agent Management

Answer: C

Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

 

NEW QUESTION 25
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

  • A. Live Sensors
  • B. File Explorer
  • C. Log Stitching
  • D. Live Terminal

Answer: D

 

NEW QUESTION 26
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Conditional
  • B. Parallel
  • C. Automation
  • D. Manual

Answer: D

 

NEW QUESTION 27
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)

  • A. Response > Action Center
  • B. the local console
  • C. Endpoint > Endpoint Management
  • D. Telnet

Answer: A,C

 

NEW QUESTION 28
When a Demisto Engine is part of a Load-Balancing group, it:

  • A. It must have port 443 open to allow the Demisto Server to establish a connection
  • B. Can be used separately as an engine, only if connected to the Demisto Server directly
  • C. Must be in a Load-Balancing group with at least another 3 members
  • D. Cannot be used separately and does not appear in the engines drop-down menu when configuring an integration instance

Answer: C

 

NEW QUESTION 29
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. domain/workgroup membership
  • B. alert root cause
  • C. hostname
  • D. presence of Flash executable
  • E. OS

Answer: A,C,E

 

NEW QUESTION 30
Which two entities can be created as a BIOC? (Choose two.)

  • A. event log
  • B. registry
  • C. file
  • D. alert log

Answer: B,C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xd

 

NEW QUESTION 31
......
