palo alto networks pse-cortex practice test

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

• A. registry
• B. file path
• C. hash
• D. hostname

What does the Cortex XSOAR Saved by Dbot widget calculate?

• A. amount saved in Dollars according to actions carried out by all users in Cortex XSOAR across all incidents
• B. amount saved in Dollars by using Cortex XSOAR instead of other products
• C. amount of time saved by each playbook task within an incident
• D. amount of time saved by Dbot's machine learning (ML) capabilities

Which two filter operators are available in Cortex XDR? (Choose two.)

• A. Is Contained By
• B. < >
• C. =
• D. Contains

Which command-line interface (CLI) query would retrieve the last three Splunk events?

• A. !search using=splunk_instance_1 query="* | last 3"
• B. !search using=splunk_instance_1 query="* | 3"
• C. !query using=splunk_instance_1 query="* | last 3"
• D. !search using=splunk_instance_1 query="* | head 3"

Which process in the causality chain does the Cortex XDR agent identify as triggering an event sequence?

• A. causality group owner
• B. chain's alert initiator
• C. adversary's remote process
• D. relevant shell

What does DBot use to score an indicator that has multiple reputation scores?

• A. most severe score
• B. undefined score
• C. average score
• D. least severe score

How do sub-playbooks affect the Incident Context Data?

• A. When set to private, task outputs do not automatically get written to the root context.
• B. When set to global, sub-playbook tasks do not have access to the root context.
• C. When set to global, parallel task execution is allowed.
• D. When set to private, task outputs are automatically written to the root context.

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

• A. Have XSOAR automatically add the IP address to a threat intelligence management (TIM) malicious IP list to elevate priority of future alerts.
• B. Have XSOAR automatically add the IP address to a deny rule in the firewall.
• C. Have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall.
• D. Have XSOAR automatically create a NetOps ticket requesting a configuration change to the firewall to block the IP.

How can Cortex XSOAR save time when a phishing incident occurs?

• A. It can automatically email staff to warn them about the phishing attack and show them a copy of the email.
• B. It can automatically respond to the phishing email to unsubscribe from future emails.
• C. It can automatically purge the email from user mailboxes in which it has not yet opened.
• D. It can automatically identify every mailbox that received the phish and create corresponding cases for them.

What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?

• A. role-based access control (RBAC)
• B. cloud identity engine (CIE)
• C. endpoint groups
• D. restrictions security profile