Free Palo Alto Networks PSE-Cortex Study Guides Exam Questions & Answer [Q17-Q37]


PSE-Cortex Exam Dumps, PSE-Cortex Practice Test Questions

NEW QUESTION 17
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?

  • A. disable the Cortex XSOAR service
  • B. enable the docker service
  • C. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group
  • D. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group

Answer: D

 

NEW QUESTION 18
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

  • A. SplunkSearch automation
  • B. SplunkGO integration
  • C. splunk-get-alerts integration command
  • D. Cortex XSOAR TA App for Splunk

Answer: D

 

NEW QUESTION 19
How do sub-playbooks affect the Incident Context Data?

  • A. When set to global, sub-playbook tasks do not have access to the root context
  • B. When set to private, task outputs do not automatically get written to the root context
  • C. When set to private, task outputs automatically get written to the root context
  • D. When set to global, allows parallel task execution.

Answer: A

 

NEW QUESTION 20
How does DBot score an indicator that has multiple reputation scores?

  • A. the reputation as undefined
  • B. uses the most severe score
  • C. uses the least severe score
  • D. uses the average score

Answer: B

 

NEW QUESTION 21
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

  • A. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
  • B. The modified script was run in the wrong Docker image
  • C. The modified script required a different parameter to run successfully.
  • D. The dictionary was defined incorrectly in the second script.

Answer: B

 

NEW QUESTION 22
When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

  • A. splunk-get-alerts integration command
  • B. Cortex XSOAR TA App for Splunk
  • C. SplunkSearch automation
  • D. SplunkGO integration

Answer: A

 

NEW QUESTION 23
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. OS
  • B. attack threat intelligence tag
  • C. hostname
  • D. Domain/workgroup membership
  • E. quarantine status

Answer: A,C,E

 

NEW QUESTION 24
Rearrange the steps into the correct order for modifying an incident layout.

Answer:

Explanation:

 

NEW QUESTION 25
Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two.)

  • A. Correlation
  • B. Security Event
  • C. Analytics
  • D. HIP

Answer: B,C

 

NEW QUESTION 26
Which task allows the playbook to follow different paths based on specific conditions?

  • A. Automation
  • B. Parallel
  • C. Manual
  • D. Conditional

Answer: C

 

NEW QUESTION 27
The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

  • A. enable SSL decryption
  • B. add paloaltonetworks.com to the SSL Decryption Exclusion list
  • C. reinstall the root CA certificate
  • D. disable SSL decryption

Answer: D

 

NEW QUESTION 28
Which option describes a Load-Balancing Engine Group?

  • A. A group of engines that use an algorithm to efficiently share the workload for integrations
  • B. A group of D2 agents that share processing power across multiple endpoints
  • C. A group of engines that use an algorithm to efficiently share the workload for automation scripts
  • D. A group of engines that ensure High Availability of Demisto backend databases.

Answer: C

 

NEW QUESTION 29
The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

  • A. The modified script was run in the wrong Docker image
  • B. The modified script required a different parameter to run successfully.
  • C. The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"
  • D. The dictionary was defined incorrectly in the second script.

Answer: A

 

NEW QUESTION 30
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

  • A. Using
  • B. Vendor
  • C. Brand
  • D. Type

Answer: B

 

NEW QUESTION 31
Which step is required to prepare the VDI Golden Image?

  • A. Set the memory dumps to manual setting
  • B. Review any PE files that WildFire determined to be malicious
  • C. Run the VDI conversion tool
  • D. Ensure the latest content updates are installed

Answer: A

 

NEW QUESTION 32
The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

  • A. Cortex XDR Endpoint
  • B. Cortex XDR Pro per TB
  • C. Cortex XDR Pro Per Endpoint
  • D. Cortex XDR Prevent

Answer: C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/cortex-xdr-overview/cortex-xdr-licenses/migrate-your-cortex-xdr-license

 

NEW QUESTION 33
Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

  • A. Define whether a playbook runs automatically when an incident type is encountered
  • B. Set reminders for an incident SLA
  • C. Add new fields to an incident type
  • D. Drop new incidents of the same type that contain similar information
  • E. Define the way that incidents of a specific type are displayed in the system

Answer: A,B,E

 

NEW QUESTION 34
What is the result of creating an exception from an exploit security event?

  • A. exempts administrators from generating alerts for 24 hours
  • B. exempts the user from generating events for 24 hours
  • C. disables the triggered EPM for the host and process involved
  • D. Whitelists the process from WildFire analysis

Answer: C

 

NEW QUESTION 35
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

  • A. hostname
  • B. presence of Flash executable
  • C. OS
  • D. alert root cause
  • E. domain/workgroup membership

Answer: B,D,E

 

NEW QUESTION 36
Which two formats are supported by Whitelist? (Choose two.)

  • A. Regex
  • B. STIX
  • C. CIDR
  • D. CSV

Answer: C,D

 

NEW QUESTION 37
......
