Attempt 2

31/5/2020 Realize Your Potential: paloaltonetworks

Test - Palo Alto Networks Accredited Systems Engineer (PSE): Cortex Associate Accreditation Exam

Test Questions

Question 1 of 25. What are two sources of alert enrichment for Cortex XSOAR? (Choose two.)
AutoFocus
Cortex Data Lake
Cortex XSOAR dashboards
SIEMs

Question 2 of 25. What is the ATT&CK framework?
A set of playbooks for orchestrated cyberattacks
A rubric for assessing TTP defense
A defense strategy for cyber, biological, or nuclear attack
A toolkit for hackers

Question 3 of 25. What should a customer do that wants to keep a set of specific information for every event of a certain type?
use Remote Device Control to obtain the information
add custom fields to incidents representing events of that type
chat about it in the War Room
add that information in the Evidence Board when investigating the incident

Source: https://paloaltonetworks.csod.com/Evaluations/EvalLaunch.aspx?loid=2d695ed1-6ed2-462c-a1b6-b2e4d7939749&evalLvl=5&redirect_url=%2fphnx%2fdriver.aspx%3froutename%3dSocial%2fUniversalProfile%2fTra…

Question 4 of 25. What is an advantage of the multi-method detection approach used by Cortex XDR over traditional antivirus approaches?
It runs in the cloud.
It is updated frequently.
It is faster than hash comparison.
It prevents unknown threats.

Question 5 of 25. Which statement describes the malware protection flow in Cortex XDR Prevent?
A trusted signed file is exempt from local static analysis.
A blacklist check is the final step of malware protection flow.
Local static analysis happens before a WildFire verdict check.
Hash comparisons come after local static analysis.

Question 6 of 25. In which two ways does Cortex XDR Prevent complement Palo Alto Networks perimeter protection? (Choose two.)
Cortex XDR can prevent malevolent process execution spawned by traffic the NGFW allows through.
Information about threats is uploaded into Cortex XDR agents from perimeter NGFWs.
Cortex XDR agents send signatures about threats directly to Palo Alto Networks firewalls.
Endpoints sometimes are operated by their users outside the corporate network perimeter.

Question 7 of 25. Which statement is true regarding Cortex XDR Prevent Execution Restrictions?
They are included in regular content updates.
They are used to specify which exploit prevention method will be applied to a given process.
They are used to blacklist or whitelist files for future processing.
They define where and how users can run executable files.

Question 8 of 25. Which action saves time during attack investigation?
exploring multiple endpoints for compromise
enriching alert data from multiple sources
investigating multiple alerts as a single incident
investigating multiple incidents associated with a single alert

Question 9 of 25. Which function enables a customer to consistently use multiple competing products with similar functions?
Cortex Data Lake
Cortex XSOAR automation
Cortex XDR analysis
Cortex XDR integration

Question 10 of 25. Which function displays an entire picture of an attack including its root cause or delivery point?
Cortex SOC Orchestrator
Cortex Data Lake
Cortex XSOAR Work Plan
Cortex XDR incident analysis

Question 11 of 25. What’s a subplaybook?
an app that underlies a playbook to ensure it flows from task to task
an obsolete playbook of inferior quality
a playbook used as a task in another playbook
an updated playbook that substitutes for an older playbook

Question 12 of 25. When is an existing Cortex XDR customer a bad prospect for Cortex XSOAR?
When Cortex XDR is their “go to” XDR tool.
When they already have and use Cortex XSOAR.
When they use the ATT&CK rubric to guide their security efforts.
When they already have and use AutoFocus.

Question 13 of 25. Which attack prevention technique does Cortex XDR use?
PowerShell Shortcut abuse protection
Executive power corruption protection
Memory corruption protection
Password oversimplicity protection

Question 14 of 25. Which option best describes the functionality of Cortex XDR Prevent for endpoints?
Remediation
Detection and response
Prevention
Orchestration

Question 15 of 25. What is orchestration in the context of SOAR?
The ability to control network and endpoint enforcement points
Formalization of organized workflows for people and machines
Automation of mundane cybersecurity tasks
The selection of the right SIEM for the right customer

Question 16 of 25. Which two analysis methods does WildFire use to detect malware? (Choose two.)
executive restriction
static
program slicing
dynamic

Question 17 of 25. Which sensor captures forensic information about a security event that occurs on an endpoint?
Zingbox dynamic inventory agent
AutoFocus connector
Cortex XDR agent
Cortex XSOAR indicator


Question 18 of 25. Which action is required before a new integration can ingest a typed alert and automatically run a playbook for the resulting incident?
The playbook must be run manually with that type of alert.
The integration must be primed with a test alert of that type.
An instance of the integration must be created.
The alert source must be made aware through an API of the playbook to be run.

Question 19 of 25. What is an advantage of Cortex XDR Pro analysis?
It puts attack steps in context for security analysts, even when each step in itself may look innocent.
It is completely automatic and does not require security analysts for operation.
It is quicker than that of any of its competitors.
It provides prevention as well as detection and response.

Question 20 of 25. Which Cortex product provides intelligence to inform alert and incident analysis?
Cortex XSOAR
Cortex XDR
Zingbox
AutoFocus

Question 21 of 25. How does Cortex XDR prevent unknown attacks against endpoints?
It keeps an updated version of WildFire hashes with malware verdicts.
It uses multiple prevention methods, each with multiple techniques.
It uses multiple signature versions to match attack mutations.
It runs heuristically determined playbooks against the attacks.

Question 22 of 25. Which advantage is provided by unknown attack prevention?
Unknown attack prevention enables quarantine of compromised systems.
Unknown attack prevention approaches detect known attacks more quickly than do traditional known attack approaches.
Production environments can be protected even before OS patches are applied.
Unknown attack prevention facilitates incident root cause analysis.

Question 23 of 25. How does Cortex XDR use machine learning?
It learns about normal user and process behavior in an infrastructure so it can recognize anomalous behavior.
It learns about the processes used by a SOC to automate those processes.
It learns about all the attacks throughout the world so that it can recognize which attacks are present in an environment.
It learns about the processes used in a SOC to provide customized alerts to the right people in the SOC.

Question 24 of 25. Where can the entire history of group interactions involving an attack response be seen?
The Cortex XDR Incident page
WildFire
AutoFocus
The Cortex XSOAR War Room

Question 25 of 25. Which two problems does a security operations team often encounter? (Choose two.)
too many alerts
too much alert context data
too many security products
too many security experts
