PSE-Cortex試験無料問題集（170題）「Palo Alto Networks System Engineer

出題：1

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

A. file path

B. hash

C. hostname

D. registry

正解：A,B 解答を投票する

出題：2

Which solution profiles network behavior metadata, not payloads and files, allowing effective operation regardless of encrypted or unencrypted communication protocols, like HTTPS?

A. Security Information and Event Management (SIEM)

B. Network Detection and Response (NDR)

C. endpoint detection and response (EDR)

D. endpoint protection platform (EPP)

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which two methods does the Cortex XDR agent use to identify malware during a scheduled scan? (Choose two.)

A. signature comparison

B. WildFire hash comparison

C. dynamic analysis

D. heuristic analysis

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What does Cortex Xpanse ingest from XDR endpoints?

A. Public IP addresses

B. MAC addresses

C. Hostnames

D. User-agent data

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which Cortex XDR capability allows for the immediate termination of a process discovered during investigation of a security event?

A. Log stitching

B. live sensor

C. file explorer

D. live terminal

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.
What is the safest way to do it?

A. The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

C. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

D. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

正解：D 解答を投票する

出題：7

Which integration allows data to be pushed from Cortex XSOAR into Splunk?

A. Demisto App for Splunk integration

B. SplunkUpdate integration

C. ArcSight ESM integration

D. SplunkPY integration

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

A. "New"/Edit" Incident Form

B. Incident Summary

C. Incident Quick View

D. "Close" Incident Form

正解：B,C 解答を投票する

出題：9

What are two ways a customer can configure user authentication access Cortex Xpanse? (Choose two.)

A. RADIUS

B. Secure Shell (SSH)

C. Customer Support Portal

D. SAML

正解：C,D 解答を投票する

出題：10

Which Cortex XSIAM license is required if an organization needs to protect a cloud Kubernetes host?

A. Identity Threat Detection and Response

B. Cortex XSIAM Enterprise

C. Cortex XSIAM Enterprise Plus

D. Attack Surface Management

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

PSE-Cortex試験無料問題集「Palo Alto Networks System Engineer - Cortex Professional 認定」