Which two entities can be created as a BIOC? (Choose two.)
A. file
B. registry
C. event log
D. alert log
Which Cortex XDR Agent capability prevents loading malicious files from USB-connected removable equipment?
A. Agent Configuration
B. Device Control
C. Device Customization
D. Agent Management
Which task allows the playbook to follow different paths based on specific conditions?
A. Conditional
B. Automation
C. Manual
D. Parallel
In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endpoints? (Choose three.)
A. alert root cause
B. hostname
C. domain/workgroup membership
D. OS
E. presence of Flash executable
An administrator is alerted to a Suspicious Process Creation security event from multiple users.
The users believe that these events are false positives. Which two steps should the administrator take to confirm the false positives and create an exception? (Choose two.)
A. Within the Malware Security profile, disable the "Prevent Malicious Child Process Execution" module.
B. Within the Malware Security profile, add the specific parent process, child process, and command line argument to the child process whitelist.
C. In the Cortex XDR security event, review the specific parent process, child process, and command line arguments.
D. Contact support and ask for a security exception.
In the DBotScore context field, which context key would differentiate between multiple entries for the same indicator in a multi-TIP environment?
A. Vendor
B. Type
C. Using
D. Brand
What are two manual actions allowed on War Room entries? (Choose two.)
A. Mark as artifact
B. Mark as scheduled entry
C. Mark as note
D. Mark as evidence
Which CLI query would bring back Notable Events from Splunk?
A. !splunk-search query="`notable` | head 3"
B. !splunk-search query="'notable' | head 3"
C. !splunk-search query="*"
D. !splunk-search query="* | head 3"
What is the retention requirement for Cortex Data Lake sizing?
A. number of endpoints
B. number of VM-Series NGFW
C. number of days
D. logs per second
Which Cortex XDR capability extends investigations to an endpoint?
A. Log Stitching
B. Causality Chain
C. Sensors
D. Live Terminal