100% Pass Guaranteed Accurate PSE-Cortex Answers 365 Days Free Updates [Q19-Q37]

100% Pass Guaranteed Accurate PSE-Cortex Answers 365 Days Free Updates

PSE-Cortex DUMPS Q&As with Explanations Verified & Correct Answers

NEW QUESTION 19
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three )

• A. domain/workgroup membership
• B. alert root cause
• C. presence of Flash executable
• D. hostname
• E. OS

Answer: A,D,E

 

NEW QUESTION 20
Which task allows the playbook to follow different paths based on specific conditions?

• A. Manual
• B. Conditional
• C. Parallel
• D. Automation

Answer: B

 

NEW QUESTION 21
An EDR project was initiated by a CISO. Which resource will likely have the most heavy influence on the project?

• A. operations manager
• B. SOC manager
• C. desktop engineer
• D. SOC analyst IT

Answer: B

 

NEW QUESTION 22
Given the integration configuration and error in the screenshot what is the cause of the problem?

• A. incorrect Username and Password
• B. incorrect instance name
• C. incorrect server URL
• D. incorrect appliance port

Answer: A

 

NEW QUESTION 23
"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

• A. /invite Bob
• B. #Bob
• C. @Bob
• D. !invite Bob

Answer: C

 

NEW QUESTION 24
What is the retention requirement for Cortex Data Lake sizing?

• A. number of endpoints
• B. number of days
• C. number of VM-Series NGFW
• D. logs per second

Answer: B

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-data-lake/cortex-data-lake-getting-started/get-started-with-cortex-data-lake/set-log-storage-quota

 

NEW QUESTION 25
When analyzing logs for indicators, which are used for only BIOC identification'?

• A. observed activity
• B. error messages
• C. techniques
• D. artifacts

Answer: A

 

NEW QUESTION 26
When a Demisto Engine is part of a Load-Balancing group it?

• A. Cannot be used separately and does not appear in the in the engines drop-down menu when configuring an integration instance
• B. Can be used separately as an engine, only if connected to the Demisto Server directly
• C. Must be in a Load-Balancing group with at least another 3 members
• D. It must have port 443 open to allow the Demisto Server to establish a connection

Answer: A

 

NEW QUESTION 27
The customer has indicated they need EDR data collection capabilities, which Cortex XDR license is required?

• A. Cortex XDR Prevent
• B. Cortex XDR Pro Per Endpoint
• C. Cortex XDR Pro per TB
• D. Cortex XDR Endpoint

Answer: B

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/migrate-your-cortex-xdr-license

 

NEW QUESTION 28
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance.
Palo Alto Networks will provide the customer with a free instance
What size is this free Cortex Data Lake instance?

• A. 100 GB
• B. 1 TB
• C. 10 GB
• D. 10 TB

Answer: B

 

NEW QUESTION 29
An Administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

• A. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist
• B. Contact support and ask for a security exception.
• C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments
• D. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module

Answer: B

 

NEW QUESTION 30
"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

• A. @Bob
• B. /invite Bob
• C. #Bob
• D. !invite Bob

Answer: C

 

NEW QUESTION 31
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

• A. Using
• B. Type
• C. Vendor
• D. Brand

Answer: C

 

NEW QUESTION 32
Which CLI query would bring back Notable Events from Splunk?
A)

B)

C)

D)

• A. Option A
• B. Option D
• C. Option C
• D. Option B

Answer: B

 

NEW QUESTION 33
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

• A. Domain/workgroup membership
• B. hostname
• C. OS
• D. attack threat intelligence tag
• E. quarantine status

Answer: B,C,E

 

NEW QUESTION 34
If you have a playbook task that errors out. where could you see the output of the task?

• A. War Room of the incident
• B. Playbook Editor
• C. Demisto Audit log
• D. /var/log/messages

Answer: A

 

NEW QUESTION 35
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second Image? (Choose two.) SUCCESS

• A. The modified script attempted to access a dictionary key that did not exist in the dictionary named
  "data"
• B. The dictionary was defined incorrectly in the second script.
• C. The modified script required a different parameter to run successfully.
• D. The modified scnpt was run in the wrong Docker image

Answer: D

 

NEW QUESTION 36
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?

• A. Device Control
• B. Agent Configuration
• C. Agent Management
• D. Device Customization

Answer: A

Explanation:
Explanation
https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-features-introduced-in-december-2019/ba-p/302231

 

NEW QUESTION 37
......

PSE-Cortex dumps Exam Material with 60 Questions: https://examtorrent.actualcollection.com/PSE-Cortex-exam-questions.html