PSE-CORTEX Online Practice Questions and Answers

A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

A. "Close" Incident Form

B. Incident Summary

C. Incident Quick View

D. "New"/Edit" Incident Form

Which option describes a Load-Balancing Engine Group?

A. A group of engines that use an algorithm to efficiently share the workload for integrations

B. A group of engines that ensure High Availability of Demisto backend databases.

C. A group of engines that use an algorithm to efficiently share the workload for automation scripts

D. A group of D2 agents that share processing power across multiple endpoints

During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

During the service instance provisioning which three DNS host names are created? (Choose three.)

A. cc-xnet50.traps.paloaltonetworks.com

B. hc-xnet50.traps.paloaltonetworks.com

C. cc-xnet.traps.paloaltonetworks.com

D. cc.xnet50traps.paloaltonetworks.com

E. xnettraps.paloaltonetworks.com

F. ch-xnet.traps.paloaltonetworks.com

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

A. The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B. The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C. The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D. The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

"Bob" is a Demisto user. Which command is used to add 'Bob" to an investigation from the War Room CLI?

A. #Bob

B. /invite Bob

C. @Bob

D. !invite Bob

An antivirus refresh project was initiated by the IT operations executive. Who is the best source for discussion about the project's operational considerations'?

A. endpoint manager

B. SOC manager

C. SOC analyst

D. desktop engineer

Given the exception thrown in the accompanying image by the Demisto REST API integration, which action would most likely solve the problem?

Desmisto REST API

Name: Demisto REST API_instance_1

Demisto Server URL: https://127.0.0.1

Demisto Server API Key: *******

User system proxy settings

Use sigle engine: No engine

! Script failed to run: Demisto REST APIs-

Request Failed.

Status code:1

Body:{"StatusCode":-1,"Status":"Get https://127.0.0.1/user:x509;cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs","Cookies":

[],"Body":"","Bytes":[],"Headers":{},"Path":"}, at sendRequest(script:59:23(79)):(2603)

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

A. Generic Polling Automation Playbook

B. Playbook Tasks

C. Sub-Play books

D. Playbook Functions

Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

A. Define whether a playbook runs automatically when an incident type is encountered

B. Set reminders for an incident SLA

C. Add new fields to an incident type

D. Define the way that incidents of a specific type are displayed in the system

E. Drop new incidents of the same type that contain similar information

When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the REST API?

A. splunk-get-alerts integration command

B. Cortex XSOAR TA App for Splunk

C. SplunkSearch automation

D. SplunkGO integration

How does DBot score an indicator that has multiple reputation scores?

A. uses the most severe score scores

B. the reputation as undefined

C. uses the average score

D. uses the least severe score

What is the difference between an exception and an exclusion?

A. An exception is based on rules and exclusions are on alerts

B. An exclusion is based on rules and exceptions are based on alerts.

C. An exception does not exist

D. An exclusion does not exist

How does an "inline" auto-extract task affect playbook execution?

A. Doesn't wait until the indicators are enriched and continues executing the next step

B. Doesn't wait until the indicators are enriched but populate context data before executing the next

C. step. Wait until the indicators are enriched but doesn't populate context data before executing the next step.

D. Wait until the indicators are enriched and populate context data before executing the next step.

How many use cases should a POC success criteria document include?

A. only 1

B. 3 or more

C. no more than 5

D. no more than 2

Which CLI query would bring back Notable Events from Splunk?

A. ! splunk-search query=" `notable` | head 3"

B. ! splunk-search query=" 'notable' | head 3"

C. ! splunk-search query="*"

D. ! splunk-search query="* | head 3"

Which two filter operators are available in Cortex XDR? (Choose two.)

A. not Contains

B. !*

C. =>

D. < >