PSE-ENDPOINT Online Practice Questions and Answers

Questions 4

To ensure that the Traps VDI tool can obtain verdicts for all unknown files, what needs to be checked, assuming the ESM Console and ESM Server are on different servers? (Choose two.)

A. ESM Server can access WildFire Server

B. Endpoint can access WildFire Server

C. ESM Console can access WildFire Server

D. Endpoint can access ESM Server

Questions 5

In a scenario where macOS Traps logs fail to be uploaded to the forensic folder, where will the user on the macOS host be able to find the collected logs?

A. /ProgramData/Cyvera/Logs

B. /ProgramData/Cyvera/Everyone/Temp

C. /Library/Application Support/Cyvera/BITS Uploads/

D. /Library/Application Support/PaloAltoNetworks/Traps/Upload/

Questions 6

The administrator has added the following whitelist to the WildFire Executable Files policy.

*\mysoftware.exe

What will be the result of this whitelist?

A. Users will not be able to run mysoftware.exe.

B. mysoftware.exe will be uploaded to WildFire for analysis

C. mysoftware.exe will not be analyzed by WildFire regardless of the file location.

D. mysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.

Questions 7

When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?

A. USB port version of the victim host

B. Speed and make of the victim's RAM

C. Software version of the target application

D. Platform, architecture, and patch level of the victim host

Questions 8

Once an administrator has successfully installed a Content Update, how is the Content Update applied to endpoints?

A. After installation on the ESM, an Agent License renewal is required in order to trigger relevant updates.

B. After installation on the ESM, relevant updates occur at the next Heartbeat communication from each endpoint.

C. Installation of a Content Update triggers a proactive push of the update by the ESM server to all endpoints with licensed Traps Agents within the Domain.

D. The Traps Agent must be reinstalled on the endpoint in order to apply the content update. Existing Agents will not be able to take advantage of content updates.

Questions 9

A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL. Which troubleshooting step determines if this is an SSL issue?

A. From the agent run the command: telnet (hostname) (port)

B. Check that the Traps service is running

C. From the agent run the command: ping (hostname)

D. Browse to the ESM hostname from the affected agent

Questions 10

When installing the ESM, what role must the database user be assigned in Microsoft SQL?

A. db_owner

B. db_securityadmin

C. db_datawriter

D. db_accessadmin

Questions 11

A customer has an environment with the following: 1,000 agents communicating over SSL with two servers, one containing the ESM Server and another one where the ESM Console is installed. BitsUploads resides on the ESM Console server. ESM Server and Console are using the default ports for communication.

In a scenario where a file is failing to be uploaded from macOS, which three reasons could be directly related to the failure? (Choose three.)

A. Traps agent is not able to check in with the ESM Server

B. The rate of upload is lower than 100Kb/S

C. The BITS address in the ESM is incorrect

D. Port 2125 is blocked on the server which hosts BitsUploads

E. Port 443 is blocked on the server which hosts BitsUploads

Questions 12

A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?

A. Place the Traps database, ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.

B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.

C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.

D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.

Questions 13

A customer plans to test the malware prevention capabilities of Traps. It has defined this policy: local analysis is enabled, quarantining of malicious files is enabled, and files are to be uploaded to WildFire.

No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen. Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire. Which behavior will result?

A. WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.

B. Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.

C. WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.

D. WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.

Questions 14

There are two custom policy rules in ESM Console. Policy rule number 1000 turns ROP off for winword.exe. Policy rule number 1001 turns ROP on for winword.exe. What is the ROP module status for winword.exe?

A. Due to the collision in the policy rules, ROP is enabled in notification mode.

B. The lower numbered policy rule takes precedence. ROP is off for winword.exe

C. The higher numbered policy rule takes precedence. ROP is on for winword.exe

D. The default policy rule takes precedence over both policy rules 1000 and 1001 and disables ROP for winword.exe

Questions 15

What is the default interval for Traps agents to communicate via heartbeat to the ESM?

A. Every 1 Minute

B. Every 1 Hour

C. Every 1 Day

D. Every 1 year

Questions 16

An administrator has installed Traps 4.0. The administrator wants to test the malware protections provided. What sample should they use to test the protections provided by Traps?

A. A sample with a low number of hits in VirusTotal

B. A toolbar package known to be flagged as grayware by Traps

C. A sample known to generate false positives in the production environment

D. An MS Office document which contains a ransomware macro

Questions 17

A company is using a Web Gateway/Proxy for all outbound connections. The company has deployed Traps within the domain and in testing, discovered that the ESM Servers are unable to communicate with WildFire. All other Traps features are working.

What is the most likely cause of the issue?

A. The administrator needs to configure WildFire proxy settings in each Agent Console.

B. The administrator needs to configure WildFire proxy settings in the ESM Console and in each Agent Console.

C. The Administrator needs to purchase the additional site license required for WildFire.

D. The Administrator needs to configure WildFire proxy settings in the ESM Console.

Questions 18

Files are not getting a WildFire verdict.

What is one way to determine whether there is a BITS issue?

A. Check the upload status in the hash control screen.

B. Run a telnet command between Traps agent and ESM Server on port 2125.

C. Use PowerShell to test upload using HTTP POST method.

D. Initiate a "Send support file" from the agent.

Exam Code: PSE-ENDPOINT
Exam Name: PSE - Endpoint Professional
Last Update: Mar 13, 2025
Questions: 45 Q&As
