If you have a playbook task that errors out, where could you see the output of the task?
A. /var/log/messages
B. War Room of the incident
C. Demisto Audit log
D. Playbook Editor
During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.
During the service instance provisioning, which three DNS host names are created? (Choose three.)
A. cc-xnet50.traps.paloaltonetworks.com
B. hc-xnet50.traps.paloaltonetworks.com
C. cc-xnet.traps.paloaltonetworks.com
D. cc.xnet50traps.paloaltonetworks.com
E. xnettraps.paloaltonetworks.com
F. ch-xnet.traps.paloaltonetworks.com
In an air-gapped environment where the Docker package was manually installed after the Cortex XSOAR installation, which action allows Cortex XSOAR to access Docker?
A. create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group
B. create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group
C. disable the Cortex XSOAR service
D. enable the docker service
An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?
A. The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.
B. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.
C. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.
D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office, and monitor the Events tab on the Cortex XDR console.
How does DBot score an indicator that has multiple reputation scores?
A. uses the most severe score
B. the reputation as undefined
C. uses the average score
D. uses the least severe score
How do sub-playbooks affect the Incident Context Data?
A. When set to private, task outputs do not automatically get written to the root context
B. When set to private, task outputs automatically get written to the root context
C. When set to global, allows parallel task execution.
D. When set to global, sub-playbook tasks do not have access to the root context
Which four types of Traps logs are stored within Cortex Data Lake?
A. Threat, Config, System, Data
B. Threat, Config, System, Analytic
C. Threat, Monitor, System, Analytic
D. Threat, Config, Authentication, Analytic
Which step is required to prepare the VDI Golden Image?
A. Review any PE files that WildFire determined to be malicious
B. Ensure the latest content updates are installed
C. Run the VDI conversion tool
D. Set the memory dumps to manual setting
An EDR project was initiated by a CISO. Which resource will likely have the heaviest influence on the project?
A. desktop engineer
B. SOC manager
C. SOC analyst
D. IT operations manager
Which two filter operators are available in Cortex XDR? (Choose two.)
A. not Contains
B. !*
C. =>
D. < >