PSE-CORTEX Online Practice Questions and Answers

Which option describes a Load-Balancing Engine Group?

A. A group of engines that use an algorithm to efficiently share the workload for integrations

B. A group of engines that ensure High Availability of Demisto backend databases.

C. A group of engines that use an algorithm to efficiently share the workload for automation scripts

D. A group of D2 agents that share processing power across multiple endpoints

During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

During the service instance provisioning which three DNS host names are created? (Choose three.)

A. cc-xnet50.traps.paloaltonetworks.com

B. hc-xnet50.traps.paloaltonetworks.com

C. cc-xnet.traps.paloaltonetworks.com

D. cc.xnet50traps.paloaltonetworks.com

E. xnettraps.paloaltonetworks.com

F. ch-xnet.traps.paloaltonetworks.com

What are process exceptions used for?

A. whitelist programs from WildFire analysis

B. permit processes to load specific DLLs

C. change the WildFire verdict for a given executable

D. disable an EPM for a particular process

Which deployment type supports installation of an engine on Windows, Mac OS. and Linux?

A. RPM

B. SH

C. DEB

D. ZIP

If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance.

Palo Alto Networks will provide the customer with a free instance

What size is this free Cortex Data Lake instance?

A. 1 TB

B. 10 GB

C. 100 GB

D. 10 TB

A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

A. Extend the POC window to allow the solution architects to build it

B. Tell them we can build it with Professional Services.

C. Tell them custom integrations are not created as part of the POC

D. Agree to build the integration as part of the POC

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two )

A. With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module

B. Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments

D. Contact support and ask for a security exception.

An EDR project was initiated by a CISO. Which resource will likely have the most heavy influence on the project?

A. desktop engineer

B. SOC manager

C. SOC analyst IT

D. operations manager

In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

A. Domain/workgroup membership

B. quarantine status

C. hostname

D. OS

E. attack threat intelligence tag

Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan (Choose two )

A. Response > Action Center

B. the local console

C. Telnet

D. Endpoint > Endpoint Management