PSE-ENDPOINT Online Practice Questions and Answers

In a scenario that macOS Traps logs failed to be uploaded to the forensic folder, where will the user on the macOS host be able to find to collected logs?

A. /ProgramData/Cyvera/Logs

B. /ProgramData/Cyvera/Everyone/Temp

C. /Library/Application Support/Cyvera/BITS Uploads/

D. /Library/Application Support/PaloAltoNetworks/Traps/Upload/

Traps agents use a default password for uninstallation in the event that they never communicate with their

ESM server.

Identify the password.

A. PaloAlto!

B. Uninstall1

C. No password is required

D. Password1

An administrator is concerned about rogue installs of Internet Explorer. Which policy can be created to assure that Internet Explorer can only run from the \Program Files \Internet Explorer \directory?

A. An execution path policy to blacklist iexplore.exe, and whitelist entry for %programfiles%\iexplore.exe

B. An execution path policy to blacklist *\iexplore.exe. Trusted signers will allow the default iexplore.exe

C. A whitelist of *\iexplore.exe with an execution path restriction, and a blackfirst of %system% \iexplore.exe

D. An execution path policy to blacklist *\iexplore.exe, and a whitelist entry for %programfiles%\Internet Explorer\iexplore.exe

Once an administrator has successfully instated a Content Update, how is the Content Update applied to endpoint?

A. After Installation on the ESM, an Agent License renewal is required in order to trigger relevant updates.

B. After installation on the ESM, relevant updates occur at the next Heartbeat communication from each endpoint.

C. Installation of a Content Update triggers a proactive push of the update by the ESM server to all endpoints with licensed Traps Agents within the Domain.

D. The Traps Agent must be reinstalled on the endpoint in order to apply the content update. Existing Agents will not be able to take advantage of content updates.

A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL. Which troubleshooting step determines if this is an SSL issue?

A. From the agent run the command: telnet (hostname) (port)

B. Check that the Traps service is running

C. From the agent run the command: ping (hostname)

D. Browse to the ESM hostname from the affected agent

A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment. Which design option would be appropriate for this environment?

A. Place the Traps database. ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.

B. Place the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.

C. Place a Traps database, ESM Console and an ESM core server in each of the three large sites.

D. Place the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.

What is the default interval for Traps agents to communicate via heartbeat to the ESM?

A. Every 1 Minute

B. Every 1 Hour

C. Every 1 Day

D. Every 1 year

A company is trying to understand which platform can be installed on their environment: Select the three endpoints where Traps can be installed (Choose three).

A. Windows 10 LTSB with 2 GB RAM, 500MB free disk space and Intel Core i5 CPU

B. Windows 2000 SP4 with 1 GB RAM, 4 GB free disk space and Intel Pentium 4 CPU

C. Apple iPhone 6s

D. Windows Server 2012 R2 Standard Edition in FIPS Mode, with 4GB RAM, 20GB free disk space, running on VMware ESXi.

E. 15" MacBook Pro running macOS 10.12 with 16GB RAM, Intel Core i7 CPU and 100GB tree disk space

Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?

A. msiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1

B. msiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1

C. msiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1

D. msiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1

The ESM policy is set to upload unknowns to WildFire. However, when an unknown is executed the Upload status in ESM Console never displays "Upload in progress", and the verdict remains local analysis or unknown. Even clicking the upload button and checking in does not resolve the Issue. A line in the log file suggests not being able to download a file from "https:/ESMSERVER/BitsUploads/... to C: \ProgramData\Cyvera\Temp\..."

Which solution fixes this problem?

A. Restart BITS service on the endpoint

B. Restart BITS service on ESM

C. Remove and reinstall all the agents without SSL

D. In the ESM Console, use the FQDN in multi ESM