2022 Latest PSE-Cortex dumps - Instant Download PDF
Updated Verified PSE-Cortex Downloadable Printable Exam Dumps
NEW QUESTION 17
If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance, Palo Alto Networks will provide the customer with a free instance.
What size is this free Cortex Data Lake instance?
- A. 100 GB
- B. 10 TB
- C. 10 GB
- D. 1 TB
Answer: D
NEW QUESTION 18
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?
- A. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group
- B. disable the Cortex XSOAR service
- C. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group
- D. enable the docker service
Answer: A
NEW QUESTION 19
How do sub-playbooks affect the Incident Context Data?
- A. When set to global, allows parallel task execution.
- B. When set to private, task outputs automatically get written to the root context
- C. When set to global, sub-playbook tasks do not have access to the root context
- D. When set to private, task outputs do not automatically get written to the root context
Answer: C
NEW QUESTION 20
Which two entities can be created as a BIOC? (Choose two.)
- A. registry
- B. event log
- C. alert log
- D. file
Answer: A,D
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html
NEW QUESTION 21
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?
- A. Log Stitching
- B. Live Sensors
- C. Live Terminal
- D. File Explorer
Answer: C
NEW QUESTION 22
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two.)
- A. Correlation
- B. Security Event
- C. Analytics
- D. HIP
Answer: B,C
NEW QUESTION 23
How does an "inline" auto-extract task affect playbook execution?
- A. Wait until the indicators are enriched and populate context data before executing the next step.
- B. Wait until the indicators are enriched but doesn't populate context data before executing the next step.
- C. Doesn't wait until the indicators are enriched and continues executing the next step.
- D. Doesn't wait until the indicators are enriched but populates context data before executing the next step.
Answer: A
NEW QUESTION 24
How can you view all the relevant incidents for an indicator?
- A. Related Incidents column in Indicator Screen
- B. Linked Indicators column in Incident Screen
- C. Related Indicators column in Incident Screen
- D. Linked Incidents column in Indicator Screen
Answer: A
NEW QUESTION 25
An EDR project was initiated by a CISO. Which resource will likely have the heaviest influence on the project?
- A. operations manager
- B. desktop engineer
- C. SOC analyst IT
- D. SOC manager
Answer: D
NEW QUESTION 26
The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?
- A. neither
- B. ServiceNow
- C. either
- D. phishing
Answer: D
NEW QUESTION 27
Which task allows the playbook to follow different paths based on specific conditions?
- A. Conditional
- B. Parallel
- C. Automation
- D. Manual
Answer: D
NEW QUESTION 28
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. !invite Bob
- B. #Bob
- C. /invite Bob
- D. @Bob
Answer: B
NEW QUESTION 29
An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?
- A. SOC analyst
- B. endpoint manager
- C. desktop engineer
- D. SOC manager
Answer: A
NEW QUESTION 30
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?
- A. Using
- B. Brand
- C. Vendor
- D. Type
Answer: C
NEW QUESTION 31
"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?
- A. !invite Bob
- B. #Bob
- C. /invite Bob
- D. @Bob
Answer: D
NEW QUESTION 32
How do sub-playbooks affect the Incident Context Data?
- A. When set to global, allows parallel task execution.
- B. When set to private, task outputs do not automatically get written to the root context
- C. When set to private, task outputs automatically get written to the root context
- D. When set to global, sub-playbook tasks do not have access to the root context
Answer: B
NEW QUESTION 33
A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.
Where would the user configure the ratio of storage for each log type?
- A. Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota
- B. Within the TMS, create an agent settings profile and modify the Disk Quota value
- C. It is not possible to configure Cortex Data Lake quota for specific log types.
- D. Write a GPO for each endpoint agent to check in less often
Answer: A
NEW QUESTION 34
Which Cortex XDR capability extends investigations to an endpoint?
- A. Sensors
- B. Log Stitching
- C. Live Terminal
- D. Causality Chain
Answer: B
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-concepts
NEW QUESTION 35
Given the integration configuration and error in the screenshot, what is the cause of the problem?
- A. incorrect Username and Password
- B. incorrect appliance port
- C. incorrect server URL
- D. incorrect instance name
Answer: D