Palo Alto Networks PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Exam Practice Test

Demo: 9 questions
Total 60 questions

Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Question 1

A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

Options:

A. "Close" Incident Form

B. Incident Summary

C. Incident Quick View

D. "New"/"Edit" Incident Form

Question 2

What method does the Traps agent use to identify malware during a scheduled scan?

Options:

A. Heuristic analysis

B. Local analysis

C. Signature comparison

D. WildFire hash comparison and dynamic analysis

Question 3

Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

Options:

A. Define whether a playbook runs automatically when an incident type is encountered

B. Set reminders for an incident SLA

C. Add new fields to an incident type

D. Define the way that incidents of a specific type are displayed in the system

E. Drop new incidents of the same type that contain similar information

Question 4

Which four types of Traps logs are stored within Cortex Data Lake?

Options:

A. Threat, Config, System, Data

B. Threat, Config, System, Analytic

C. Threat, Monitor, System, Analytic

D. Threat, Config, Authentication, Analytic

Question 5

What is the retention requirement for Cortex Data Lake sizing?

Options:

A. number of endpoints

B. number of VM-Series NGFW

C. number of days

D. logs per second

Question 6

How many use cases should a POC success criteria document include?

Options:

A. only 1

B. 3 or more

C. no more than 5

D. no more than 2

Question 7

In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

Options:

A. Domain/workgroup membership

B. quarantine status

C. hostname

D. OS

E. attack threat intelligence tag

Question 8

A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

Options:

A. Extend the POC window to allow the solution architects to build it

B. Tell them we can build it with Professional Services.

C. Tell them custom integrations are not created as part of the POC

D. Agree to build the integration as part of the POC

Question 9

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them.

How should an administrator perform this evaluation?

Options:

A. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool

B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities

C. Run a known 2015 Flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities

D. Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them. Execute with an exploitation tool
