Palo Alto Networks System Engineer Professional - Cortex v1.0

Page:    1 / 5   
Exam contains 65 questions

When initiated, which Cortex XDR capability allows immediate termination of the process or whole process tree on an anomalous process discovered during investigation of a security event?

  • A. file explorer
  • B. log stitching
  • C. live sensors
  • D. live terminal


Answer : D

What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?

  • A. 10 GB
  • B. 1 TB
  • C. 10 TB
  • D. 100 GB


Answer : B

How can Cortex XSOAR save time when a phishing incident occurs?

  • A. It can automatically email staff to warn them about the phishing attack and show them a copy of the email.
  • B. It can automatically respond to the phishing email to unsubscribe from future emails.
  • C. It can automatically purge the email from user mailboxes in which it has not yet been opened.
  • D. It can automatically identify every mailbox that received the phish and create corresponding cases for them.


Answer : C

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

  • A. registry entry
  • B. Internet Protocol (IP)
  • C. domain
  • D. endpoint hostname


Answer : BC

What is a benefit offered by Cortex XSOAR?

  • A. It has the ability to customize the extensible platform to scale to business needs.
  • B. It allows the consolidation of multiple point products into a single integrated service.
  • C. It provides holistic protection across hosts and containers throughout the application lifecycle.
  • D. It enables an end-to-end view of everything in the customer environment that affects digital employee productivity.


Answer : A

Which action allows Cortex XSOAR to access Docker in an air-gapped environment where the Docker page was manually installed after the Cortex XSOAR installation?

  • A. Create a "docker" group and add the "Cortex XSOAR" or "demisto" user to this group.
  • B. Create a "Cortex XSOAR" or "demisto" group and add the "docker" user to this group.
  • C. Enable the Docker service.
  • D. Disable the Cortex XSOAR service.


Answer : A

The Cortex XDR management service requires which other Palo Alto Networks product?

  • A. Directory Sync
  • B. Cortex Data Lake
  • C. Panorama
  • D. Cortex XSOAR


Answer : B

Which command-line interface (CLI) query would retrieve the last three Splunk events?

  • A. !search using=splunk_instance_1 query="* | last 3"
  • B. !search using=splunk_instance_1 query="* | 3"
  • C. !query using=splunk_instance_1 query="* | last 3"
  • D. !search using=splunk_instance_1 query="* | head 3"


Answer : D

Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?

  • A. sudo repoquery -a --installed
  • B. sudo demistoserver-x.x-xxxx.sh -- -tools=load
  • C. sudo docker ps load
  • D. sudo docker load -i YOUR_DOCKER_FILE.tar


Answer : D

Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?

  • A. endpoint protection platform (EPP)
  • B. Security Information and Event Management (SIEM)
  • C. endpoint detection and response (EDR)
  • D. Network Detection and Response (NDR)


Answer : D

A customer wants the main Cortex XSOAR server installed in one site and wants to integrate with three other technologies in a second site.
What communications are required between the two sites if the customer wants to install a Cortex XSOAR engine in the second site?

  • A. The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site.
  • B. All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy.
  • C. Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site.
  • D. The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site.


Answer : A

Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)

  • A. WildFire hash comparison
  • B. heuristic analysis
  • C. signature comparison
  • D. dynamic analysis


Answer : AB

Why is reputation scoring important in the Threat Intelligence Module of Cortex XSOAR?

  • A. It allows for easy comparison between open-source intelligence and paid services.
  • B. It deconflicts prioritization when two vendors give different scores for the same indicator.
  • C. It provides a mathematical model for combining scores from multiple vendors.
  • D. It helps identify threat intelligence vendors with substandard content.


Answer : B

Where is the output of the task visible when a playbook task errors out?

  • A. playbook editor
  • B. XSOAR audit log
  • C. /var/log/messages
  • D. War Room of the incident


Answer : D

Which command is used to add Cortex XSOAR "User1" to an investigation from the War Room command-line interface (CLI)?

  • A. /invite User1
  • B. #User1
  • C. @User1
  • D. !invite User1


Answer : C
