PSE-CORTEX Online Practice Questions and Answers
During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.
During the service instance provisioning which three DNS host names are created? (Choose three.)
A. cc-xnet50.traps.paloaltonetworks.com
B. hc-xnet50.traps.paloaltonetworks.com
C. cc-xnet.traps.paloaltonetworks.com
D. cc.xnet50traps.paloaltonetworks.com
E. xnettraps.paloaltonetworks.com
F. ch-xnet.traps.paloaltonetworks.com
The customer has indicated they need EDR data collection capabilities, which Cortex XDR license is required?
A. Cortex XDR Pro per TB
B. Cortex XDR Prevent
C. Cortex XDR Endpoint
D. Cortex XDR Pro Per Endpoint
A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?
A. Extend the POC window to allow the solution architects to build it
B. Tell them we can build it with Professional Services.
C. Tell them custom integrations are not created as part of the POC
D. Agree to build the integration as part of the POC
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?
A. Vendor
B. Type
C. Using
D. Brand
A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript)
The description and current configuration of the exploit are as follows;
What is the remaining configuration?
A. set PAYLOAD windows/x64/meterpreter/reverse_tcp set SSLCert survey set LHOST 10.0.0.10
set LPORT 8080
B. set PAYLOAD windows/x64/powershell_bind_tcp set SRVHOST 10.0.0.10 set SRVHOST 443 set URIPATH survey
C. set PAYLOAD windows/x64/meterpreter/reverse_Tcp set SRVHOST 10.0.0.10 set SRVHOST 443 set URIPATH survey
D. set PAYLOAD windows/x64/meterpreter/reverse_tcp set LHOST 10.0.0.10 set LPORT 443 set URIPATH survey
What are two manual actions allowed on War Room entries? (Choose two.)
A. Mark as artifact
B. Mark as scheduled entry
C. Mark as note
D. Mark as evidence
If an anomalous process is discovered while investigating the cause of a security event, you can take immediate action to terminate the process or the whole process tree, and block processes from running by initiating which Cortex XDR capability?
A. Live Sensors
B. File Explorer
C. Log Stitching
D. Live Terminal
An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them
How should an administrator perform this evaluation?
A. Gather information about the word processing applications and run them on a Windows XP SP3 VM Determine if any of the applications are vulnerable and run the exploit with an exploitation tool
B. Run word processing exploits in a latest version of Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities
C. Run a known 2015 flash exploit on a Windows XP SP3 VM. and run an exploitation tool that acts as a listener Use the results to demonstrate Traps capabilities
D. Prepare the latest version of Windows VM Gather information about the word processing applications, determine if some of them are vulnerable and prepare a working exploit for at least one of them Execute with an exploitation tool
Which CLI query would bring back Notable Events from Splunk?
A. ! splunk-search query=" `notable` | head 3"
B. ! splunk-search query=" 'notable' | head 3"
C. ! splunk-search query="*"
D. ! splunk-search query="* | head 3"
Which Cortex XDR capability extends investigations to an endpoint?
A. Log Stitching
B. Causality Chain
C. Sensors
D. Live Terminal