2022 PSE-Cortex dumps review - Professional Quiz Study Materials [Q28-Q46]

2022 PSE-Cortex dumps review - Professional Quiz Study Materials

PSE-Cortex Test Prep Training Practice Exam Questions Practice Tests

NEW QUESTION 28
Which two items are stitched to the Cortex XDR causality chain'' (Choose two)

A. full URL
B. firewall alert
C. SIEM alert
D. registry set value

Answer: B,D

NEW QUESTION 29
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two)

A. Correlation
B. Security Event
C. Analytics
D. HIP

Answer: B,D

NEW QUESTION 30
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second Image? (Choose two.) SUCCESS

A. The modified scnpt was run in the wrong Docker image
B. The modified script required a different parameter to run successfully.
C. The modified script attempted to access a dictionary key that did not exist in the dictionary named
"data"
D. The dictionary was defined incorrectly in the second script.

Answer: A

NEW QUESTION 31
When analyzing logs for indicators, which are used for only BIOC identification'?

A. artifacts
B. techniques
C. observed activity
D. error messages

Answer: B

NEW QUESTION 32
The customer has indicated they need EDR data collection capabilities, which Cortex XDR license is required?

A. Cortex XDR Pro Per Endpoint
B. Cortex XDR Pro per TB
C. Cortex XDR Prevent
D. Cortex XDR Endpoint

Answer: D

Explanation:
Explanation
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licen

NEW QUESTION 33
If you have a playbook task that errors out. where could you see the output of the task?

A. War Room of the incident
B. Playbook Editor
C. /var/log/messages
D. Demisto Audit log

Answer: B

NEW QUESTION 34
Which two types of lOCs are available for creation in Cortex XDR? (Choose two.)

A. domain
B. registry entry
C. IP
D. endpoint hostname

Answer: A,C

NEW QUESTION 35
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?

A. Live Terminal
B. File Explorer
C. Live Sensors
D. Log Stitching

Answer: A

NEW QUESTION 36
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three )

A. hostname
B. presence of Flash executable
C. OS
D. alert root cause
E. domain/workgroup membership

Answer: B,D,E

NEW QUESTION 37
What are two manual actions allowed on War Room entries? (Choose two.)

A. Mark as scheduled entry
B. Mark as note
C. Mark as artifact
D. Mark as evidence

Answer: C

NEW QUESTION 38
Which two log types should be configuredfor firewall forwarding to the Cortex Data Lake for use by Cortex XDR?(Choose two)

A. Correlation
B. Security Event
C. Analytics
D. HIP

Answer: B,C

NEW QUESTION 39
Which two entities can be created as a BIOC? (Choose two.)

A. alert log
B. file
C. registry
D. event log

Answer: B,C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

NEW QUESTION 40
How can you view all the relevant incidents for an indicator?

A. Linked Indicators column in Incident Screen
B. Related Incidents column in Indicator Screen
C. Related Indicators column in Incident Screen
D. Linked Incidents column in Indicator Screen

Answer: B

NEW QUESTION 41
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?