PSE-Cortex Questions Bank

Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Question 29

The customer has indicated they need EDR data collection capabilities, which Cortex XDR license is required?

Options:

Cortex XDR Pro per TB

Cortex XDR Prevent

Cortex XDR Endpoint

Cortex XDR Pro Per Endpoint

Question 30

Which Cortex XDR license is required for a customer that requests endpoint detection and response (EDR) data collection capabilities?

Options:

Cortex XDR Pro per TB

Cortex XDR Endpoint

Cortex XDR Prevent

Cortex XDR Pro Per Endpoint

Question 31

Which statement applies to the differentiation of Cortex XDR from security information and event management (SIEM)?

Options:

SIEM has access to raw logs from agents, where Cortex XDR traditionally only gets alerts.

Cortex XDR allows just logging into the console and out of the box the events were blocked as a proactive approach.

Cortex XDR requires a large and diverse team of analysts and up to several weeks for simple actions like creating an alert.

SIEM has been entirely designed and built as cloud-native, with the ability to stitch together cloud logs, on-premises logs, third-party logs, and endpoint logs.

Question 32

Which command-line interface (CLI) query would retrieve the last three Splunk events?

Options:

!search using=splunk_instance_1 query="* | last 3"

!search using=splunk_instance_1 query="* | 3"

!query using=splunk_instance_1 query="* | last 3"

!search using=splunk_instance_1 query="* | head 3"

Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Palo Alto Networks System Engineer - Cortex Professional Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

CompTIA

Fortinet

Microsoft

Salesforce