PSE-CORTEX Online Practice Questions and Answers

During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

During the service instance provisioning which three DNS host names are created? (Choose three.)

A. cc-xnet50.traps.paloaltonetworks.com

B. hc-xnet50.traps.paloaltonetworks.com

C. cc-xnet.traps.paloaltonetworks.com

D. cc.xnet50traps.paloaltonetworks.com

E. xnettraps.paloaltonetworks.com

F. ch-xnet.traps.paloaltonetworks.com

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

A. the relevant shell

B. The causality group owner

C. the adversary's remote process

D. the chain's alert initiator

What is the difference between an exception and an exclusion?

A. An exception is based on rules and exclusions are on alerts

B. An exclusion is based on rules and exceptions are based on alerts.

C. An exception does not exist

D. An exclusion does not exist

How can you view all the relevant incidents for an indicator?

A. Linked Incidents column in Indicator Screen

B. Linked Indicators column in Incident Screen

C. Related Indicators column in Incident Screen D. Related Incidents column in Indicator Screen

Whichfour types of Traps logs are stored within Cortex Data Lake?

A. Threat, Config, System,Data

B. Threat, Config, System, Analytic

C. Threat, Monitor. System, Analytic

D. Threat, Config, Authentication, Analytic

What method does the Traps agent use to identify malware during a scheduled scan?

A. Heuristic analysis

B. Local analysis

C. Signature comparison

D. WildFire hash comparison and dynamic analysis

Which two types of lOCs are available for creation in Cortex XDR? (Choose two.)

A. IP

B. endpoint hostname

C. domain

D. registry entry

Which two filter operators are available in Cortex XDR? (Choose two.)

A. < >

B. Contains

C. =

D. Is Contained By

The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

A. add paloaltonetworks com to the SSL Decryption Exclusion list

B. enable SSL decryption

C. disable SSL decryption

D. reinstall the root CA certificate

What are two manual actions allowed on War Room entries? (Choose two.)

A. Mark as artifact

B. Mark as scheduled entry

C. Mark as note

D. Mark as evidence