Top Tips Of Updated PSE-Cortex Dumps

NEW QUESTION 1
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

• A. Extend the POC window to allow the solution architects to build it
• B. Tell them we can build it with Professional Services.
• C. Tell them custom integrations are not created as part of the POC
• D. Agree to build the integration as part of the POC

Answer: C

NEW QUESTION 2
Given the integration configuration and error in the screenshot what is the cause of the problem?

• A. incorrect instance name
• B. incorrect Username and Password
• C. incorrect appliance port
• D. incorrect server URL

Answer: B

NEW QUESTION 3
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

• A. Agent Configuration
• B. Device Control
• C. Device Customization
• D. Agent Management

Answer: B

Explanation:
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

NEW QUESTION 4
Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

• A. Response > Action Center
• B. the local console
• C. Telnet
• D. Endpoint > Endpoint Management

Answer: AD

NEW QUESTION 5
The certificate used for decryption was installed as a trusted toot CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

• A. add paloaltonetworks.com to the SSL Decryption Exclusion list
• B. enable SSL decryption
• C. disable SSL decryption
• D. reinstall the root CA certificate

Answer: D

NEW QUESTION 6
"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

• A. #Bob
• B. /invite Bob
• C. @Bob
• D. !invite Bob

Answer: C

NEW QUESTION 7
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

• A. Define whether a playbook runs automatically when an incident type is encountered
• B. Set reminders for an incident SLA
• C. Add new fields to an incident type
• D. Define the way that incidents of a specific type are displayed in the system
• E. Drop new incidents of the same type that contain similar information

Answer: ABD

NEW QUESTION 8
A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified
(exploit/windows/browser/ms16_051_vbscript)
The description and current configuration of the exploit are as follows;

What is the remaining configuration?
A)

B)

C)

D)

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: D

NEW QUESTION 9
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC We have integrations for both but a playbook for phishing only Which use case should be used for the POC?

• A. phishing
• B. either
• C. ServiceNow
• D. neither

Answer: A

NEW QUESTION 10
What are two manual actions allowed on War Room entries? (Choose two.)

• A. Mark as artifact
• B. Mark as scheduled entry
• C. Mark as note
• D. Mark as evidence

Answer: CD

NEW QUESTION 11
When analyzing logs for indicators, which are used for only BIOC identification'?

• A. observed activity
• B. artifacts
• C. techniques
• D. error messages

Answer: C

NEW QUESTION 12
A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

• A. "Close" Incident Form
• B. Incident Summary
• C. Incident Quick View
• D. "New"/Edit" Incident Form

Answer: BC

NEW QUESTION 13
Which two filter operators are available in Cortex XDR? (Choose two.)

• A. < >
• B. Contains
• C. =
• D. Is Contained By

Answer: BC

NEW QUESTION 14
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake. Where would the user configure the ratio of storage for each log type?

• A. Within the TMS, create an agent settings profile and modify the Disk Quota value
• B. It is not possible to configure Cortex Data Lake quota for specific log types.
• C. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
• D. Write a GPO for each endpoint agent to check in less often

Answer: C

NEW QUESTION 15
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?

• A. The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console
• B. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
• C. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
• D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Answer: C

NEW QUESTION 16
......