Palo Alto Networks PSE-ENDPOINT dumps - 100% Pass Guarantee!

Traps agents use a default password for uninstallation in the event that they never communicate with their

ESM server.

Identify the password.

A. PaloAlto!

B. Uninstall1

C. No password is required

D. Password1

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

A. add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

B. Uninstall and reinstall the traps agent.

C. Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

D. Remove ipconfig.exe from the rule's blacklist.

An administrator is concerned about rogue installs of Internet Explorer. Which policy can be created to assure that Internet Explorer can only run from the \Program Files \Internet Explorer \directory?

A. An execution path policy to blacklist iexplore.exe, and whitelist entry for %programfiles%\iexplore.exe

B. An execution path policy to blacklist *\iexplore.exe. Trusted signers will allow the default iexplore.exe

C. A whitelist of *\iexplore.exe with an execution path restriction, and a blackfirst of %system% \iexplore.exe

D. An execution path policy to blacklist *\iexplore.exe, and a whitelist entry for %programfiles%\Internet Explorer\iexplore.exe

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The

administrator wants to evaluate the ability of Traps to protect these systems and the word processing

applications running on them.

How should an administrator perform this evaluation?

A. Run a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.

B. Run word processing exploits in a Windows 7 VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.

C. Prepare a Windows 7 VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.

D. Gather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.

An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?

A. The new rule stops all EPM injection into the faulted process.

B. The new rule stops all EPM injection into processes on the machine on which the prevention was triggered.

C. The new rule excludes the endpoint from Traps protection.

D. The new rule will include the EPM that raised the prevention, the process that triggered the prevention, the machine on which the prevention was triggered, and a descriptive name for the rule.