PSE-Cortex-Pro-24 Questions and Answers

To execute playbooks, scripts, commands, and integrations

To manage multiple Cortex XSOAR tenants

To provide a user interface for security analysts

To store and manage incident data, remediation plans, and documentation

add paloaltonetworks.com to the SSL Decryption Exclusion list

enable SSL decryption

disable SSL decryption

reinstall the root CA certificate

Ensure the playbook is set to run in quiet mode to minimize CPU usage and suppress errors

Confirm the integration credentials or API keys are valid.

Check the integration logs and enable a higher logging level, if needed, view the specific error.

Confirm there are no dashboards or reports configured to use that integration instance.

Security Orchestration, Automation and Response

Security Information and Event Management

Managed Detection and Response

Network Detection and Response

The Cortex XSOAR server at the first site must be able to initiate a connection to the Cortex XSOAR engine at the second site.

All connectivity is initiated from the Cortex XSOAR server on the first site via a managed cloud proxy.

Dedicated site-to-site virtual private network (VPN) is required for the Cortex XSOAR server at the first site to initiate a connection to the Cortex XSOAR engine at the second site.

The Cortex XSOAR engine at the first site must be able to initiate a connection to the Cortex XSOAR server at the second site.

By developing an integration.

By responding to management with risk scores

By purging unopened phishing email from user mailboxes

By emailing staff to inform them of phishing attack in advance

POSTMAN

Webhook

REST API

D KPI

endpoint protection platform (EPP)

Security Information and Event Management (SIEM)

endpoint detection and response (EDR)

Network Detection and Response (NDR)

SIEM has access to raw logs from agents, where Cortex XDR traditionally only gets alerts.

Cortex XDR allows just logging into the console and out of the box the events were blocked as a proactive approach.

Cortex XDR requires a large and diverse team of analysts and up to several weeks for simple actions like creating an alert.

SIEM has been entirely designed and built as cloud-native, with the ability to stitch together cloud logs, on-premises logs, third-party logs, and endpoint logs.

amount saved in Dollars according to actions carried out by all users in Cortex XSOAR across all incidents

amount saved in Dollars by using Cortex XSOAR instead of other products

amount of time saved by each playbook task within an incident

amount of time saved by Dbot's machine learning (ML) capabilities

Log Stitching

Causality Chain

Sensors

Live Terminal

Response > Action Center

the local console

Telnet

Endpoint > Endpoint Management

Device customization

Agent configuration

Agent management

Restrictions profile

Online forums

Video series

Administrator's guide

Technical blogs

Must be in a Load-Balancing group with at least another 3 members

It must have port 443 open to allow the Demisto Server to establish a connection

Can be used separately as an engine, only if connected to the Demisto Server directly

Cannot be used separately and does not appear in the in the engines drop-down menu when configuring an integration instance

Between 1-400

Between 400-700

Between 700-2000

Over 2000

< >

Contains

=

Is Contained By

Heuristic analysis

Local analysis

Signature comparison

WildFire hash comparison and dynamic analysis

Threat feed integration

Automation daybooks

Parsing rules

Data models

By enhancing firewall rule management

By enabling automatic incident response actions for internet-based incidents

By providing real-time threat intelligence feeds

By automating endpoint detection and response (EDR) processes

It will prevent all threats in the environment.

It is used to enforce license compliance.

It runs automation daybooks on the endpoints.

It provides telemetry for stitching and analytics.

Vendor

Type

Using

Brand

files from War Room CLI WW

incident files section in layout builder

files and attachments filters

/files from War Room CLI

A group of engines that use an algorithm to efficiently share the workload for integrations

A group of engines that ensure High Availability of Demisto backend databases.

A group of engines that use an algorithm to efficiently share the workload for automation scripts

A group of D2 agents that share processing power across multiple endpoints

Disable automatic memory dumps.

Scan the image using the imagepreptool.

Launch the VDI conversion tool.

Enable the VDI license timeout.

Cloud Identity Engine

Managed Threat Hunting

virtual desktop infrastructure (VDI)

Threat Intelligence Platform (TIP)

Administrator Guide

Release Notes

Compatibility Matrix

LIVEcommunitv

The administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Option A

Option B

Option C

Option D

alert root cause

hostname

domain/workgroup membership

OS

presence of Flash executable

Administrator Guide

LIVEcommunity

Release Notes

Palo Alto Networks Status Page

Which cybersecurity framework to implement for Secure Operations Center (SOC) operations

Whether communication with internal or external applications is required

How to configure network firewalls for optimal performance

Which endpoint protection software to integrate with Cortex XSOAR

phishing

either

ServiceNow

neither

To generate additional training material for the POV’s production implementation

To certify that the POV was completed and meets all customer requirements

To allow implementation teams to bypass scooping exercises and shorten delivery time

To ensure the implementation teams understand the customer use cases and priorities

Configure the Golden Image as a persistent VDI

Use the Cortex XDR VDI tool to obtain verdicts for all PE files

Install the Cortex XOR Agent on the local machine

Run the Cortex VDI conversion tool

Regex

STIX

CSV

CIDR

Extend the POC window to allow the solution architects to build it

Tell them we can build it with Professional Services.

Tell them custom integrations are not created as part of the POC

Agree to build the integration as part of the POC

When set to private, task outputs do not automatically get written to the root context

When set to private, task outputs automatically get written to the root context

When set to global, allows parallel task execution.

When set to global, sub-playbook tasks do not have access to the root context

/var/log/demisto/acc_Tenant1/server.log

/var/log/demisto/Tenant1/server.log

/var/lib/demisto/acc_Tenant1/server.log

/var/lib/demisto/server.log

role-based access control

cloud identity engine

endpoint groups

restrictions security profile

SplunkPY integration

Demisto App for Splunk integration

XSOAR REST API integration

Splunk integration

RPM

SH

DEB

ZIP

Agent Configuration

Device Control

Device Customization

Agent Management