Question 1/103
A General Purpose Dynamic Section can be added to which two layouts for incident types?
(Choose two)
Correct Answer: B,C
- Other Questions (103q)
- Q1. A General Purpose Dynamic Section can be added to which two layouts for incident types? (C...
- Q2. What does Cortex Xpanse ingest from XDR endpoints?...
- Q3. An adversary attempts to communicate with malware running on a network in order to control...
- Q4. How do sub-playbooks affect the Incident Context Data?...
- Q5. Which CLI query would bring back Notable Events from Splunk?...
- Q6. Which aspect of Cortex Xpanse allows for visibility over remote workforce risks?...
- Q7. Which task allows the playbook to follow different paths based on specific conditions?...
- Q8. Which three Demisto incident type features can be customized under Settings > Advanced ...
- Q9. What is the result of creating an exception from an exploit security event?...
- Q10. Which three Demisto incident type features can be customized under Settings > Advanced ...
- Q11. In Cortex XDR Prevent, which three matching criteria can be used to dynamically group endp...
- Q12. Which type of log is ingested natively in Cortex XDR Pro per TB?...
- Q13. Cortex XDR external data ingestion processes ingest data from which sources?...
- Q14. What is a requirement when integrating Cortex XSIAM or Cortex XDR with other Palo Alto Net...
- Q15. What is the primary mechanism for the attribution of attack surface data in Cortex Xpanse?...
- Q16. Which source provides data for Cortex XDR?
- Q17. A test for a Microsoft exploit has been planned. After some research Internet Explorer 11 ...
- Q18. When integrating with Splunk, what will allow you to push alerts into Cortex XSOAR via the...
- Q19. An Administrator is alerted to a Suspicious Process Creation security event from multiple ...
- Q20. Which attack method is a result of techniques designed to gain access through vulnerabilit...
- Q21. Given the exception thrown in the accompanying image by the Demisto REST API integration, ...
- Q22. Which three Demisto incident type features can be customized under Settings > Advanced ...
- Q23. When initiated, which Cortex XDR capability allows immediate termination of the process-or...
- Q24. The customer has indicated they need EDR data collection capabilities, which Cortex XDR li...
- Q25. Which Cortex XDR Agent capability prevents loading malicious files from USB-connected remo...
- Q26. How can Cortex XSOAR save time when a phishing incident occurs?...
- Q27. During the TMS instance activation, a tenant (Customer) provides the following information...
- Q28. How does a clear understanding of a customer's technical expertise assist in a hand off fo...
- Q29. Which feature of Cortex Xpanse allows it to identify previously unknown assets?...
- Q30. Which statement applies to a Cortex XSOAR engine that is part of a load-balancing group?...
- Q31. Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?...
- Q32. Which deployment type supports installation of an engine on Windows, Mac OS, and Linux?...
- Q33. Which four types of Traps logs are stored within Cortex Data Lake?...
- Q34. Which feature in Cortex XSIAM extends analytics detections to all mapped network and authe...
- Q35. When preparing for a Cortex XSOAR proof of value (POV), which task should be performed bef...
- Q36. What is the primary purpose of Cortex XSIAM's machine learning led design?...
- Q37. The customer has indicated they need EDR data collection capabilities, which Cortex XDR li...
- Q38. What must a customer deploy prior to collecting endpoint data in Cortex XSIAM?...
- Q39. Which Cortex XDR license is required for a customer that requests endpoint detection and r...
- Q40. Which two log types should be configured for firewall forwarding to the Cortex Data Lake fo...
- Q41. A Cortex XSOAR customer wants to ingest emails from a single mailbox. The mailbox brings i...
- Q42. An adversary is attempting to communicate with malware running on your network for the pur...
- Q43. Which four types of Traps logs are stored within Cortex Data Lake?...
- Q44. Which two troubleshooting steps should be taken when an integration is failing to connect?...
- Q45. The images show two versions of the same automation script and the results they produce wh...
- Q46. If an anomalous process is discovered while investigating the cause of a security event, y...
- Q47. Which two entities can be created as a BIOC? (Choose two.)...
- Q48. Which statement applies to the differentiation of Cortex XDR from security information and...
- Q49. What integration allows searching and displaying Splunk results within Cortex XSOAR?...
- Q50. Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an...
- Q51. Which element displays an entire picture of an attack, including the root cause or deliver...
- Q52. When running a Cortex XSIAM proof of value (POV), why is it important to deploy the Cortex...
- Q53. Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-...
- Q54. How does a clear understanding of a customer's technical expertise assist in a hand off fo...
- Q55. A prospective customer is interested in Cortex XDR but is unable to run a product evaluati...
- Q56. A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demist...
- Q57. During the TMS instance activation, a tenant (Customer) provides the following information...
- Q58. Where is the best place to find official resource material?...
- Q59. Which two formats are supported by Whitelist? (Choose two)...
- Q60. What is a benefit offered by Cortex XSOAR?
- Q61. What is the recommended first step in planning a Cortex XDR deployment?...
- Q62. Which CLI query would bring back Notable Events from Splunk? A) (Exhibit) B) (Exhibit) C) ...
- Q63. If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance. Pa...
- Q64. What are two capabilities of a War Room? (Choose two.)...
- Q65. A Cortex XSIAM customer is unable to access their Cortex XSIAM tenant. Which resource can ...
- Q66. If a customer activates a TMS tenant and has not purchased a Cortex Data Lake instance. Pa...
- Q67. Why is reputation scoring important in the Threat Intelligence Module of Cortex XSOAR?...
- Q68. How many use cases should a POC success criteria document include?...
- Q69. A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented w...
- Q70. Given the integration configuration and error in the screenshot what is the cause of the p...
- Q71. Which command-line interface (CLI) query would retrieve the last three Splunk events?...
- Q72. Which two items are stitched to the Cortex XDR causality chain? (Choose two)...
- Q73. Which two actions are required to add indicators to the whitelist? (Choose two.)...
- Q74. Which playbook functionality allows grouping of tasks to create functional building blocks...
- Q75. Which two types of IOCs are available for creation in Cortex XDR? (Choose two.)...
- Q76. The prospect is deciding whether to go with a phishing or a ServiceNow use case as part of...
- Q77. A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demist...
- Q78. How can you view all the relevant incidents for an indicator?...
- Q79. Which two actions are required to add indicators to the whitelist? (Choose two.)...
- Q80. Which attack method is a result of techniques designed to gain access through vulnerabilit...
- Q81. A customer has purchased Cortex XSOAR and has a need to rapidly stand up the product in th...
- Q82. What are two manual actions allowed on War Room entries? (Choose two.)...
- Q83. Which statement applies to the malware protection flow of the endpoint agent in Cortex XSI...
- Q84. If you have a playbook task that errors out, where could you see the output of the task?...
- Q85. What is the primary mechanism for the attribution of attack surface data in Cortex Xpanse?...
- Q86. If you have a playbook task that errors out, where could you see the output of the task?...
- Q87. An administrator of a Cortex XDR protected production environment would like to test its a...
- Q88. Rearrange the steps into the correct order for modifying an incident layout. (Exhibit)...
- Q89. The Cortex XDR management service requires which other Palo Alto Networks product?...
- Q90. In addition to incident volume, which four critical factors must be evaluated to determine...
- Q91. Which two items are stitched to the Cortex XDR causality chain? (Choose two.)...
- Q92. How many use cases should a POC success criteria document include?...
- Q93. Why is Premium Customer Success an important part of any Cortex bill of materials?...
- Q94. Which step is required to prepare the VDI Golden Image?...
- Q95. A customer has 2700 endpoints. There is currently concern about recent attacks in their in...
- Q96. In an Air-Gapped environment where the Docker package was manually installed after the Cor...
- Q97. A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake....
- Q98. What does the Cortex XSOAR "Saved by Dbot" widget calculate?...
- Q99. Which integration allows searching and displaying Splunk results within Cortex XSOAR?...
- Q100. What is a key difference between audit users and full users in Cortex XSOAR?...
- Q101. How does Cortex XSOAR automation save time when a phishing incident occurs?...
- Q102. An administrator has a critical group of systems running Windows XP SP3 that cannot be upg...
- Q103. Which two types of indicators of compromise (IOCs) are available for creation in Cortex XD...
Enter your email address to download PaloAltoNetworks.PSE-Cortex.v2025-12-23.q103.pdf
