
PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Questions 4

Which command is used to add Cortex XSOAR "User1" to an investigation from the War Room command-line interface (CLI)?

Options:

A.

/invite User1

B.

#User1

C.

@User1

D.

!invite User1

Questions 5

Which four types of Traps logs are stored within Cortex Data Lake?

Options:

A.

Threat, Config, System, Data

B.

Threat, Config, System, Analytic

C.

Threat, Monitor, System, Analytic

D.

Threat, Config, Authentication, Analytic

Questions 6

What are two ways a customer can configure user authentication access to Cortex Xpanse? (Choose two.)

Options:

A.

Secure Shell (SSH)

B.

SAML

C.

RADIUS

D.

Customer Support Portal

Questions 7

Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

Options:

A.

Generic Polling Automation Playbook

B.

Playbook Tasks

C.

Sub-Playbooks

D.

Playbook Functions

Questions 8

Which integration allows data to be pushed from Cortex XSOAR into Splunk?

Options:

A.

ArcSight ESM integration

B.

SplunkUpdate integration

C.

Demisto App for Splunk integration

D.

SplunkPY integration

Questions 9

Cortex XSOAR has extracted a malicious IP address involved in command-and-control traffic.

What is the best method to automatically block this IP from communicating with endpoints without requiring a configuration change on the firewall?

Options:

A.

Create a NetOps ticket requesting a configuration change to the firewall to block the IP.

B.

Add the IP address to an external dynamic list used by the firewall.

C.

Add the IP address to a threat intelligence management malicious IP list to elevate priority of future alerts.

D.

Block the IP address by creating a deny rule in the firewall.

Questions 10

Where is the output of the task visible when a playbook task errors out?

Options:

A.

playbook editor

B.

XSOAR audit log

C.

/var/log/messages

D.

War Room of the incident

Questions 11

An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?

Options:

A.

endpoint manager

B.

SOC manager

C.

SOC analyst

D.

desktop engineer

Questions 12

What is the difference between the intel feed’s license quotas of Cortex XSOAR Starter Edition and Cortex XSOAR (SOAR + TIM)?

Options:

A.

Cortex XSOAR Starter Edition has unlimited access to the Threat Intel Library.

B.

In Cortex XSOAR (SOAR + TIM), Unit 42 Intelligence is not included.

C.

In Cortex XSOAR (SOAR + TIM), intelligence detail view and relationships data are not included.

D.

Cortex XSOAR Starter Edition includes up to 5 active feeds and 100 indicators/fetch.

Questions 13

In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?

Options:

A.

create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group

B.

create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group

C.

disable the Cortex XSOAR service

D.

enable the docker service

Questions 14

Which playbook feature allows concurrent execution of tasks?

Options:

A.

parallel tasks

B.

automation tasks

C.

manual tasks

D.

conditional tasks

Questions 15

The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of their POC. We have integrations for both but a playbook for phishing only. Which use case should be used for the POC?

Options:

A.

phishing

B.

either

C.

ServiceNow

D.

neither

Questions 16

Which two entities can be created as a behavioral indicator of compromise (BIOC)? (Choose two.)

Options:

A.

process

B.

data

C.

event alert

D.

network

Questions 17

How can you view all the relevant incidents for an indicator?

Options:

A.

Linked Incidents column in Indicator Screen

B.

Linked Indicators column in Incident Screen

C.

Related Indicators column in Incident Screen

D.

Related Incidents column in Indicator Screen

Questions 18

The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

Options:

A.

The modified script was run in the wrong Docker image.

B.

The modified script required a different parameter to run successfully.

C.

The dictionary was defined incorrectly in the second script.

D.

The modified script attempted to access a dictionary key that did not exist in the dictionary named "data".

Questions 19

What is used to display only file entries in a War Room?

Options:

A.

files from War Room CLI

B.

incident files section in layout builder

C.

files and attachments filters

D.

/files from War Room CLI

Questions 20

Which Cortex XSIAM feature can be used to onboard data sources?

Options:

A.

Marketplace Integration

B.

Playbook

C.

Data Ingestion Dashboard

D.

Asset Inventory

Questions 21

A customer has purchased Cortex XSOAR and has a need to rapidly stand up the product in their environment. The customer has stated that their internal staff are currently occupied with other projects.

Which Palo Alto Networks service offering should be recommended to the customer?

Options:

A.

Deployment

B.

Onboarding

C.

Fast-Track

D.

QuickStart

Questions 22

Which Cortex XDR capability prevents running malicious files from USB-connected removable equipment?

Options:

A.

Device customization

B.

Agent configuration

C.

Agent management

D.

Restrictions profile

Questions 23

Which playbook functionality allows grouping of tasks to create functional building blocks?

Options:

A.

playbook features

B.

sub-playbooks

C.

conditional tasks

D.

manual tasks

Questions 24

Which action should be performed by every Cortex Xpanse proof of value (POV)?

Options:

A.

Grant the customer access to the management console immediately following activation.

B.

Provide the customer with an export of all findings at the conclusion of the POV.

C.

Enable all of the attack surface rules to show the highest number of alerts.

D.

Review the mapping in advance to identify a few interesting findings to share with the customer.

Questions 25

An Administrator is alerted to a Suspicious Process Creation security event from multiple users.

The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)

Options:

A.

With the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module

B.

Within the Malware Security profile add the specific parent process, child process, and command line argument to the child process whitelist

C.

In the Cortex XDR security event, review the specific parent process, child process, and command line arguments

D.

Contact support and ask for a security exception.

Questions 26

How does an "inline" auto-extract task affect playbook execution?

Options:

A.

Doesn't wait until the indicators are enriched and continues executing the next step

B.

Doesn't wait until the indicators are enriched but populate context data before executing the next step.

C.

Wait until the indicators are enriched but doesn't populate context data before executing the next step.

D.

Wait until the indicators are enriched and populate context data before executing the next step.

Questions 27

Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

Options:

A.

Define whether a playbook runs automatically when an incident type is encountered

B.

Set reminders for an incident SLA

C.

Add new fields to an incident type

D.

Define the way that incidents of a specific type are displayed in the system

E.

Drop new incidents of the same type that contain similar information

Questions 28

What is the primary mechanism for the attribution of attack surface data in Cortex Xpanse?

Options:

A.

Active scanning with network-installed agents

B.

Dark web monitoring

C.

Customer-provided asset inventory lists

D.

Scanning from public internet data sources

Questions 29

Which two statements apply to widgets? (Choose two.)

Options:

A.

All widgets are customizable.

B.

Dashboards cannot be shared across an organization.

C.

A widget can have its own time range that is different from the rest of the dashboard.

D.

Some widgets cannot be changed

Questions 30

What is the requirement for enablement of endpoint and network analytics in Cortex XDR?

Options:

A.

Cloud Identity Engine configured and enabled

B.

Network Mapper applet on the Broker VM configured and enabled

C.

Logs from at least 30 endpoints over a minimum of two weeks

D.

Windows DHCP logs ingested via a Cortex XDR collector

Questions 31

Which two filter operators are available in Cortex XDR? (Choose two.)

Options:

A.

< >

B.

Contains

C.

=

D.

Is Contained By

Questions 32

A Cortex XSOAR customer wants to send a survey to users asking them to input their manager's email for a training use case so the manager can receive status reports on the employee's training. However, the customer is concerned users will provide incorrect information to avoid sending status updates to their manager.

How can Cortex XSOAR most efficiently sanitize user input prior to using the responses in the playbook?

Options:

A.

Create a task that sends the survey responses to the analyst via email. If the responses are incorrect, the analyst fills out the correct response in the survey.

B.

Create a manual task to ask the analyst to validate the survey response in the platform.

C.

Create a sub-playbook and import a list of manager emails into XSOAR. Use a conditional task comparison to check if the response matches an email on the list. If no matches are found, loop the sub-playbook and send the survey back to the user until a match is found.

D.

Create a conditional task comparison to check if the response contains a valid email address.

Questions 33

Why is reputation scoring important in the Threat Intelligence Module of Cortex XSOAR?

Options:

A.

It allows for easy comparison between open-source intelligence and paid services.

B.

It deconflicts prioritization when two vendors give different scores for the same indicator.

C.

It provides a mathematical model for combining scores from multiple vendors.

D.

It helps identify threat intelligence vendors with substandard content.

Questions 34

Which feature in Cortex XSIAM extends analytics detections to all mapped network and authentication data?

Options:

A.

Threat feed integration

B.

Automation playbooks

C.

Parsing rules

D.

Data models

Questions 35

Which task setting allows context output to a specific key?

Options:

A.

extend context

B.

stop on errors

C.

task output

D.

tags

Questions 36

Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)

Options:

A.

IP

B.

endpoint hostname

C.

domain

D.

registry entry

Questions 37

Which task allows the playbook to follow different paths based on specific conditions?

Options:

A.

Conditional

B.

Automation

C.

Manual

D.

Parallel

Questions 38

How can Cortex XSOAR save time when a phishing incident occurs?

Options:

A.

It can automatically email staff to warn them about the phishing attack and show them a copy of the email.

B.

It can automatically respond to the phishing email to unsubscribe from future emails.

C.

It can automatically purge the email from user mailboxes in which it has not yet been opened.

D.

It can automatically identify every mailbox that received the phish and create corresponding cases for them.

Questions 39

Which two items are stitched to the Cortex XDR causality chain? (Choose two.)

Options:

A.

firewall alert

B.

SIEM alert

C.

full URL

D.

registry set value

Questions 40

Which aspect of Cortex Xpanse allows for visibility over remote workforce risks?

Options:

A.

The ability to identify customer assets on residential networks

B.

The use of a VPN connection to scan remote devices

C.

The deployment of a Cortex Xpanse agent on the remote endpoint

D.

The presence of a portal for remote workers to use for posture checking

Questions 41

The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

Options:

A.

Cortex XDR Pro per TB

B.

Cortex XDR Prevent

C.

Cortex XDR Endpoint

D.

Cortex XDR Pro Per Endpoint

Questions 42

Which two formats are supported by Whitelist? (Choose two.)

Options:

A.

Regex

B.

STIX

C.

CSV

D.

CIDR

Questions 43

Which description applies to the features of the Cortex platform as a holistic ecosystem?

Options:

A.

It is solely focused on reactive security measures, neglecting proactive approaches.

B.

It offers an end-to-end security solution, covering every step of security processes.

C.

It primarily focuses on endpoint prevention without addressing other security aspects

D.

It provides a partial security solution, leaving some steps of the security process uncovered.

Questions 44

What are two ways Cortex XSIAM monitors for issues with data ingestion? (Choose two.)

Options:

A.

The Data Ingestion Health page identifies deviations from normal patterns of log collection

B.

The Cortex XSIAM Command Center dashboard will display a red icon if a data source is having issues.

C.

The tenant’s compute units consumption will change dramatically, indicating a collection issue.

D.

It automatically runs a copilot playbook to troubleshoot and resolve ingestion issues.

Questions 45

What is a benefit offered by Cortex XSOAR?

Options:

A.

It provides advanced customization capabilities.

B.

It provides real-time protection across hosts and containers.

C.

It enables consolidation of multiple point products into a single integrated service.

D.

It enables a comprehensive view of the customer environment with regard to digital employee productivity.

Questions 46

Which two actions are required to add indicators to the whitelist? (Choose two.)

Options:

A.

Click "New Whitelisted Indicator" in the Whitelist page.

B.

Upload an external file named "whitelist" to the Whitelist page.

C.

Upload an external file named "whitelist" to the Indicators page.

D.

Select the indicators and click "Delete and Whitelist" in the Indicators page.

Questions 47

Which integration allows searching and displaying Splunk results within Cortex XSOAR?

Options:

A.

SplunkPY integration

B.

Demisto App for Splunk integration

C.

XSOAR REST API integration

D.

Splunk integration

Questions 48

Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?

Options:

A.

sudo repoquery -a --installed

B.

sudo demistoserver-x.x-xxxx.sh -- -tools=load

C.

sudo docker ps load

D.

sudo docker load -i YOUR_DOCKER_FILE.tar

Questions 49

Cortex XDR can schedule recurring scans of endpoints for malware. Identify two methods for initiating an on-demand malware scan. (Choose two.)

Options:

A.

Response > Action Center

B.

the local console

C.

Telnet

D.

Endpoint > Endpoint Management

Questions 50

Which Cortex XDR capability allows for the immediate termination of a process discovered during investigation of a security event?

Options:

A.

file explorer

B.

Log stitching

C.

live sensor

D.

live terminal

Exam Code: PSE-Cortex
Exam Name: Palo Alto Networks System Engineer - Cortex Professional
Last Update: Apr 25, 2025
Questions: 168