
PSE-Cortex Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Questions 4

Which type of log is ingested natively in Cortex XDR Pro per TB?

Options:

A.

Google Kubernetes Engine

B.

Demisto

C.

Docker

D.

Microsoft Office 365

Questions 5

How can you view all the relevant incidents for an indicator?

Options:

A.

Linked Incidents column in Indicator Screen

B.

Linked Indicators column in Incident Screen

C.

Related Indicators column in Incident Screen

D.

Related Incidents column in Indicator Screen

Questions 6

Which task setting allows context output to a specific key?

Options:

A.

extend context

B.

stop on errors

C.

task output

D.

tags

Questions 7

Which Cortex XDR license is required for a customer that requests endpoint detection and response (EDR) data collection capabilities?

Options:

A.

Cortex XDR Pro per TB

B.

Cortex XDR Endpoint

C.

Cortex XDR Prevent

D.

Cortex XDR Pro Per Endpoint

Questions 8

Which two entities can be created as a behavioral indicator of compromise (BIOC)? (Choose two.)

Options:

A.

process

B.

data

C.

event alert

D.

network

Questions 9

Which consideration should be taken into account before deploying Cortex XSOAR?

Options:

A.

Which cybersecurity framework to implement for Security Operations Center (SOC) operations

B.

Whether communication with internal or external applications is required

C.

How to configure network firewalls for optimal performance

D.

Which endpoint protection software to integrate with Cortex XSOAR

Questions 10

A test for a Microsoft exploit has been planned. After some research, Internet Explorer 11 CVE-2016-0189 has been selected and a module in Metasploit has been identified (exploit/windows/browser/ms16_051_vbscript).

The description and current configuration of the exploit are as follows:

PSE-Cortex Question 10

What is the remaining configuration?

A)

PSE-Cortex Question 10

B)

PSE-Cortex Question 10

C)

PSE-Cortex Question 10

D)

PSE-Cortex Question 10

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 11

The customer has indicated they need EDR data collection capabilities. Which Cortex XDR license is required?

Options:

A.

Cortex XDR Pro per TB

B.

Cortex XDR Prevent

C.

Cortex XDR Endpoint

D.

Cortex XDR Pro Per Endpoint

Questions 12

During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

PSE-Cortex Question 12

During the service instance provisioning, which three DNS host names are created? (Choose three.)

Options:

A.

cc-xnet50.traps.paloaltonetworks.com

B.

hc-xnet50.traps.paloaltonetworks.com

C.

cc-xnet.traps.paloaltonetworks.com

D.

cc.xnet50traps.paloaltonetworks.com

E.

xnettraps.paloaltonetworks.com

F.

ch-xnet.traps.paloaltonetworks.com

Questions 13

On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?

Options:

A.

/var/log/demisto/acc_Tenant1/server.log

B.

/var/log/demisto/Tenant1/server.log

C.

/var/lib/demisto/acc_Tenant1/server.log

D.

/var/lib/demisto/server.log

Questions 14

Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?

Options:

A.

endpoint protection platform (EPP)

B.

Security Information and Event Management (SIEM)

C.

endpoint detection and response (EDR)

D.

Network Detection and Response (NDR)

Questions 15

What are two ways Cortex XSIAM monitors for issues with data ingestion? (Choose two.)

Options:

A.

The Data Ingestion Health page identifies deviations from normal patterns of log collection

B.

The Cortex XSIAM Command Center dashboard will display a red icon if a data source is having issues.

C.

The tenant’s compute units consumption will change dramatically, indicating a collection issue.

D.

It automatically runs a copilot playbook to troubleshoot and resolve ingestion issues.

Questions 16

Which feature of Cortex XSIAM helps analysts reduce the noise and false positives that often plague traditional SIEM systems?

Options:

A.

Alert range indicators

B.

AI-generated correlation rules

C.

Automatic incident scoring

D.

Dynamic alarm fields

Questions 17

What are two manual actions allowed on War Room entries? (Choose two.)

Options:

A.

Mark as artifact

B.

Mark as scheduled entry

C.

Mark as note

D.

Mark as evidence

Questions 18

Which playbook functionality allows grouping of tasks to create functional building blocks?

Options:

A.

playbook features

B.

sub-playbooks

C.

conditional tasks

D.

manual tasks

Questions 19

Which two log types should be configured for firewall forwarding to the Cortex Data Lake for use by Cortex XDR? (Choose two.)

Options:

A.

Security Event

B.

HIP

C.

Correlation

D.

Analytics

Questions 20

When preparing the golden image in a Cortex XDR Virtual Desktop Infrastructure (VDI) deployment, which step is required?

Options:

A.

Disable automatic memory dumps.

B.

Scan the image using the imagepreptool.

C.

Launch the VDI conversion tool.

D.

Enable the VDI license timeout.

Questions 21

Which two troubleshooting steps should be taken when an integration is failing to connect? (Choose two.)

Options:

A.

Ensure the playbook is set to run in quiet mode to minimize CPU usage and suppress errors

B.

Confirm the integration credentials or API keys are valid.

C.

Check the integration logs and enable a higher logging level, if needed, to view the specific error.

D.

Confirm there are no dashboards or reports configured to use that integration instance.

Questions 22

Which technology allows a customer to integrate Cortex Xpanse with third-party applications or services, assets, and IP ranges while leveraging investigation capabilities?

Options:

A.

POSTMAN

B.

Webhook

C.

REST API

D.

KPI

Questions 23

Which integration allows data to be pushed from Cortex XSOAR into Splunk?

Options:

A.

ArcSight ESM integration

B.

SplunkUpdate integration

C.

Demisto App for Splunk integration

D.

SplunkPY integration

Questions 24

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

Options:

A.

The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console.

B.

The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C.

The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D.

The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office, and monitor the Events tab on the Cortex XDR console.

Questions 25

Which CLI query would bring back Notable Events from Splunk?

A)

PSE-Cortex Question 25

B)

PSE-Cortex Question 25

C)

PSE-Cortex Question 25

D)

PSE-Cortex Question 25

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Questions 26

Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?

Options:

A.

RPM

B.

SH

C.

DEB

D.

ZIP

Questions 27

Which integration allows searching and displaying Splunk results within Cortex XSOAR?

Options:

A.

SplunkPY integration

B.

Demisto App for Splunk integration

C.

XSOAR REST API integration

D.

Splunk integration

Questions 28

Which source provides data for Cortex XDR?

Options:

A.

VMware NSX

B.

Amazon Alexa rank indicator

C.

Cisco ACI

D.

Linux endpoints

Questions 29

Which two filter operators are available in Cortex XDR? (Choose two.)

Options:

A.

< >

B.

Contains

C.

=

D.

Is Contained By

Questions 30

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them.

How should an administrator perform this evaluation?

Options:

A.

Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.

B.

Run word processing exploits in a latest-version Windows VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.

C.

Run a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.

D.

Prepare the latest version of Windows VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.

Questions 31

A Cortex XSIAM customer is unable to access their Cortex XSIAM tenant.

Which resource can the customer use to validate the uptime of Cortex XSIAM?

Options:

A.

Administrator Guide

B.

LIVEcommunity

C.

Release Notes

D.

Palo Alto Networks Status Page

Questions 32

Which statement applies to the malware protection flow of the endpoint agent in Cortex XSIAM?

Options:

A.

A file from an allowed signer is exempt from local analysis.

B.

Local analysis always happens before a WildFire verdict check.

C.

Hash comparisons come after local static analysis.

D.

The block list is verified in the final step.

Questions 33

Which action should be performed by every Cortex Xpanse proof of value (POV)?

Options:

A.

Grant the customer access to the management console immediately following activation.

B.

Provide the customer with an export of all findings at the conclusion of the POV.

C.

Enable all of the attack surface rules to show the highest number of alerts.

D.

Review the mapping in advance to identify a few interesting findings to share with the customer.

Questions 34

An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations?

Options:

A.

endpoint manager

B.

SOC manager

C.

SOC analyst

D.

desktop engineer

Questions 35

Which task allows the playbook to follow different paths based on specific conditions?

Options:

A.

Conditional

B.

Automation

C.

Manual

D.

Parallel

Questions 36

In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)

Options:

A.

Domain/workgroup membership

B.

quarantine status

C.

hostname

D.

OS

E.

attack threat intelligence tag

Questions 37

Which element displays an entire picture of an attack, including the root cause or delivery point?

Options:

A.

Cortex XSOAR Work Plan

B.

Cortex SOC Orchestrator

C.

Cortex Data Lake

D.

Cortex XDR Causality View

Questions 38

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.

What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

Options:

A.

Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts.

B.

Have XSOAR automatically add the IP address to a deny rule in the firewall.

C.

Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall.

D.

Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP.

Questions 39

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

Options:

A.

registry

B.

file path

C.

hash

D.

hostname

Questions 40

Which two entities can be created as a BIOC? (Choose two.)

Options:

A.

file

B.

registry

C.

event log

D.

alert log

Questions 41

What are two reasons incident investigation is needed in Cortex XDR? (Choose two.)

Options:

A.

No solution will stop every attack requiring further investigation of activity.

B.

Insider Threats may not be blocked and initial activity may go undetected.

C.

Analysts need to acquire forensic artifacts of malware that has been blocked by the XDR agent.

D.

Detailed reports are needed for senior management to justify the cost of XDR.

Questions 42

A customer is hesitant to directly connect their network to the Cortex platform due to compliance restrictions.

Which deployment method should the customer use to ensure secure connectivity between their network and the Cortex platform?

Options:

A.

Elasticsearch

B.

Broker VM

C.

Syslog collector

D.

Windows Event Collector

Questions 43

In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?

Options:

A.

Vendor

B.

Type

C.

Using

D.

Brand

Questions 44

What is a benefit of user entity behavior analytics (UEBA) over security information and event management (SIEM)?

Options:

A.

SIEMs support only agentless scanning, not agent-based workload protection across VMs, containers/Kubernetes.

B.

UEBA can add trusted signers of Windows or Mac processes to a whitelist in the Endpoint Security Manager (ESM) Console.

C.

SIEMs have difficulty detecting unknown or advanced security threats that do not involve malware, such as credential theft.

D.

UEBA establishes a secure connection in which endpoints can be routed, and it collects and forwards logs and files for analysis.

Questions 45

Which option is required to prepare the VDI Golden Image?

Options:

A.

Configure the Golden Image as a persistent VDI

B.

Use the Cortex XDR VDI tool to obtain verdicts for all PE files

C.

Install the Cortex XDR Agent on the local machine

D.

Run the Cortex VDI conversion tool

Questions 46

Which four types of Traps logs are stored within Cortex Data Lake?

Options:

A.

Threat, Config, System, Data

B.

Threat, Config, System, Analytic

C.

Threat, Monitor, System, Analytic

D.

Threat, Config, Authentication, Analytic

Questions 47

Rearrange the steps into the correct order for modifying an incident layout.

PSE-Cortex Question 47

Options:

Questions 48

Given the integration configuration and error in the screenshot, what is the cause of the problem?

PSE-Cortex Question 48

Options:

A.

incorrect instance name

B.

incorrect Username and Password

C.

incorrect appliance port

D.

incorrect server URL

Questions 49

What are two ways a customer can configure user authentication access to Cortex Xpanse? (Choose two.)

Options:

A.

Secure Shell (SSH)

B.

SAML

C.

RADIUS

D.

Customer Support Portal

Questions 50

What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?

Options:

A.

role-based access control

B.

cloud identity engine

C.

endpoint groups

D.

restrictions security profile

Exam Code: PSE-Cortex
Exam Name: Palo Alto Networks System Engineer - Cortex Professional
Last Update: May 9, 2025
Questions: 168
