  • Exam Name: Palo Alto Networks System Engineer - Cortex Professional
  • Last Update: Jul 19, 2025
  • Questions and Answers: 168

PSE-Cortex Practice Exam Questions with Answers Palo Alto Networks System Engineer - Cortex Professional Certification

Question # 6

Which Linux OS command will manually load Docker images onto the Cortex XSOAR server in an air-gapped environment?

A.

sudo repoquery -a --installed

B.

sudo demistoserver-x.x-xxxx.sh -- -tools=load

C.

sudo docker ps load

D.

sudo docker load -i YOUR_DOCKER_FILE.tar

Question # 7

Which two filter operators are available in Cortex XDR? (Choose two.)

A.

< >

B.

Contains

C.

=

D.

Is Contained By

Question # 8

An EDR project was initiated by a CISO. Which resource will likely have the heaviest influence on the project?

A.

desktop engineer

B.

SOC manager

C.

SOC analyst

D.

IT operations manager

Question # 9

Which step is required to prepare the VDI Golden Image?

A.

Review any PE files that WildFire determined to be malicious

B.

Ensure the latest content updates are installed

C.

Run the VDI conversion tool

D.

Set the memory dumps to manual setting

Question # 10

Which statement best describes the benefits of the combination of Prisma Cloud, Cortex Xpanse, and partner services?

A.

It achieves comprehensive multi-cloud visibility and security

B.

It optimizes network performance in multi-cloud environments

C.

It enhances on-premises security measures

D.

It streamlines the cloud migration processes

Question # 11

Which technology allows a customer to integrate Cortex Xpanse with third-party applications or services, assets, and IP ranges while leveraging investigation capabilities?

A.

POSTMAN

B.

Webhook

C.

REST API

D.

KPI

Question # 12

In addition to incident volume, which four critical factors must be evaluated to determine effectiveness and ROI on cybersecurity planning and technology?

A.

Analyst, training costs, duplicated, false positives

B.

People, staffing costs, duplicates, false positives

C.

People, security controls, mean time to detect, false positives

D.

Standard operating procedures, staffing costs, duplicates, mean time to respond

Question # 13

A General Purpose Dynamic Section can be added to which two layouts for incident types? (Choose two)

A.

"Close" Incident Form

B.

Incident Summary

C.

Incident Quick View

D.

"New"/"Edit" Incident Form

Question # 14

What is the difference between an exception and an exclusion?

A.

An exception is based on rules and exclusions are on alerts

B.

An exclusion is based on rules and exceptions are based on alerts.

C.

An exception does not exist

D.

An exclusion does not exist

Question # 15

A customer has purchased Cortex Data Lake storage with the following configuration, which requires 2 TB of Cortex Data Lake to order:

support for 300 total Cortex XDR clients all forwarding Cortex XDR data with 30-day retention

storage for higher fidelity logs to support Cortex XDR advanced analytics

The customer now needs 1000 total Cortex XDR clients, but continues with 300 clients forwarding Cortex XDR data with 30-day retention.

What is the new total storage requirement for Cortex Data Lake storage to order?

A.

16 TB

B.

4 TB

C.

8 TB

D.

2 TB

Question # 16

Why is it important to document notes from the Proof of Value (POV) for post-sales hand off?

A.

To generate additional training material for the POV’s production implementation

B.

To certify that the POV was completed and meets all customer requirements

C.

To allow implementation teams to bypass scoping exercises and shorten delivery time

D.

To ensure the implementation teams understand the customer use cases and priorities

Question # 17

The images show two versions of the same automation script and the results they produce when executed in Demisto. What are two possible causes of the exception thrown in the second image? (Choose two.)

A.

The modified script was run in the wrong Docker image

B.

The modified script required a different parameter to run successfully.

C.

The dictionary was defined incorrectly in the second script.

D.

The modified script attempted to access a dictionary key that did not exist in the dictionary named "data"

Question # 18

Rearrange the steps into the correct order for modifying an incident layout.

Question # 19

How does the integration between Cortex Xpanse and Cortex XSOAR benefit security teams?

A.

By enhancing firewall rule management

B.

By enabling automatic incident response actions for internet-based incidents

C.

By providing real-time threat intelligence feeds

D.

By automating endpoint detection and response (EDR) processes

Question # 20

Which action should be performed by every Cortex Xpanse proof of value (POV)?

A.

Grant the customer access to the management console immediately following activation.

B.

Provide the customer with an export of all findings at the conclusion of the POV.

C.

Enable all of the attack surface rules to show the highest number of alerts.

D.

Review the mapping in advance to identify a few interesting findings to share with the customer.

Question # 21

A Cortex XSOAR customer wants to send a survey to users asking them to input their manager's email for a training use case so the manager can receive status reports on the employee's training. However, the customer is concerned users will provide incorrect information to avoid sending status updates to their manager.

How can Cortex XSOAR most efficiently sanitize user input prior to using the responses in the playbook?

A.

Create a task that sends the survey responses to the analyst via email. If the responses are incorrect, the analyst fills out the correct response in the survey.

B.

Create a manual task to ask the analyst to validate the survey response in the platform.

C.

Create a sub-playbook and import a list of manager emails into XSOAR. Use a conditional task comparison to check if the response matches an email on the list. If no matches are found, loop the sub-playbook and send the survey back to the user until a match is found.

D.

Create a conditional task comparison to check if the response contains a valid email address.

Question # 22

What are two manual actions allowed on War Room entries? (Choose two.)

A.

Mark as artifact

B.

Mark as scheduled entry

C.

Mark as note

D.

Mark as evidence

Question # 23

What is a requirement when integrating Cortex XSIAM or Cortex XDR with other Palo Alto Networks products?

A.

Advanced logging service license

B.

HTTP Collector

C.

Devices in the same region as XDR/XSIAM

D.

XDR/XSIAM Broker VM

Question # 24

What should be configured for a Cortex XSIAM customer who wants to automate the response to certain alerts?

A.

Playbook triggers

B.

Correlation rules

C.

Incident scoring

D.

Data model rules

Question # 25

A customer has 2700 endpoints. There is currently concern about recent attacks in their industry and threat intelligence from a third-party subscription. In an attempt to be proactive, phishing simulations have been prioritized, but the customer wants to gain more visibility and remediation capabilities specific to their network traffic.

Which Cortex product provides these capabilities?

Question # 26

During the TMS instance activation, a tenant (Customer) provides the following information for the fields in the Activation - Step 2 of 2 window.

During the service instance provisioning which three DNS host names are created? (Choose three.)

A.

cc-xnet50.traps.paloaltonetworks.com

B.

hc-xnet50.traps.paloaltonetworks.com

C.

cc-xnet.traps.paloaltonetworks.com

D.

cc.xnet50traps.paloaltonetworks.com

E.

xnettraps.paloaltonetworks.com

F.

ch-xnet.traps.paloaltonetworks.com

Question # 27

If you have a playbook task that errors out, where could you see the output of the task?

A.

/var/log/messages

B.

War Room of the incident

C.

Demisto Audit log

D.

Playbook Editor

Question # 28

Which source provides data for Cortex XDR?

A.

VMware NSX

B.

Amazon Alexa rank indicator

C.

Cisco ACI

D.

Linux endpoints

Question # 29

A prospect has agreed to do a 30-day POC and asked to integrate with a product that Demisto currently does not have an integration with. How should you respond?

A.

Extend the POC window to allow the solution architects to build it

B.

Tell them we can build it with Professional Services.

C.

Tell them custom integrations are not created as part of the POC

D.

Agree to build the integration as part of the POC

Question # 30

Approximately how many Cortex XSOAR marketplace integrations exist?

A.

Between 1-400

B.

Between 400-700

C.

Between 700-2000

D.

Over 2000

Question # 31

What does the Cortex XSOAR "Saved by Dbot" widget calculate?

A.

amount saved in Dollars according to actions carried out by all users in Cortex XSOAR across all incidents

B.

amount saved in Dollars by using Cortex XSOAR instead of other products

C.

amount of time saved by each playbook task within an incident

D.

amount of time saved by Dbot's machine learning (ML) capabilities

Question # 32

How many use cases should a POC success criteria document include?

A.

only 1

B.

3 or more

C.

no more than 5

D.

no more than 2

Question # 33

When analyzing logs for indicators, which are used for only BIOC identification?

A.

observed activity

B.

artifacts

C.

techniques

D.

error messages

Question # 34

The Cortex XDR management service requires which other Palo Alto Networks product?

A.

Directory Sync

B.

Cortex Data Lake

C.

Panorama

D.

Cortex XSOAR

Question # 35

On a multi-tenanted v6.2 Cortex XSOAR server, which path leads to the server.log for "Tenant1"?

A.

/var/log/demisto/acc_Tenant1/server.log

B.

/var/log/demisto/Tenant1/server.log

C.

/var/lib/demisto/acc_Tenant1/server.log

D.

/var/lib/demisto/server.log

Question # 36

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

A.

The administrator should attach a copy of the weaponized flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

B.

The administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected, then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

C.

The administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

D.

The administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Question # 37

What is the primary mechanism for the attribution of attack surface data in Cortex Xpanse?

A.

Active scanning with network-installed agents

B.

Dark web monitoring

C.

Customer-provided asset inventory lists

D.

Scanning from public internet data sources

Question # 38

The certificate used for decryption was installed as a trusted root CA certificate to ensure communication between the Cortex XDR Agent and Cortex XDR Management Console. What action needs to be taken if the administrator determines the Cortex XDR Agents are not communicating with the Cortex XDR Management Console?

A.

add paloaltonetworks.com to the SSL Decryption Exclusion list

B.

enable SSL decryption

C.

disable SSL decryption

D.

reinstall the root CA certificate

Question # 39

How do sub-playbooks affect the Incident Context Data?

A.

When set to private, task outputs do not automatically get written to the root context

B.

When set to private, task outputs automatically get written to the root context

C.

When set to global, allows parallel task execution.

D.

When set to global, sub-playbook tasks do not have access to the root context

Question # 40

An adversary attempts to communicate with malware running on a network in order to control malware activities or to exfiltrate data from the network.

Which Cortex XDR Analytics alert will this activity most likely trigger?

A.

uncommon local scheduled task creation

B.

malware

C.

new administrative behavior

D.

DNS Tunneling

Question # 41

Which two areas of Cortex XDR are used for threat hunting activities? (Choose two.)

A.

indicators of compromise (IOC) rules

B.

query builder

C.

live terminal

D.

host insights module

Question # 42

Where is the best place to find official resource material?

A.

Online forums

B.

Video series

C.

Administrator's guide

D.

Technical blogs

Question # 43

Which three Demisto incident type features can be customized under Settings > Advanced > Incident Types? (Choose three.)

A.

Define whether a playbook runs automatically when an incident type is encountered

B.

Set reminders for an incident SLA

C.

Add new fields to an incident type

D.

Define the way that incidents of a specific type are displayed in the system

E.

Drop new incidents of the same type that contain similar information

Question # 44

What is the requirement for enablement of endpoint and network analytics in Cortex XDR?

A.

Cloud Identity Engine configured and enabled

B.

Network Mapper applet on the Broker VM configured and enabled

C.

Logs from at least 30 endpoints over a minimum of two weeks

D.

Windows DHCP logs ingested via a Cortex XDR collector

Question # 45

Which product enables the discovery, exchange, and contribution of security automation playbooks, built into Cortex XSOAR?

A.

XSOAR Threat Intelligence Platform (TIP)

B.

XSOAR Automated Systems

C.

XSOAR Ticketing Systems

D.

XSOAR Marketplace

Question # 46

A customer wants to modify the retention periods of their Threat logs in Cortex Data Lake.

Where would the user configure the ratio of storage for each log type?

A.

Within the TMS, create an agent settings profile and modify the Disk Quota value

B.

It is not possible to configure Cortex Data Lake quota for specific log types.

C.

Go to the Cortex Data Lake App in Cloud Services, then choose Configuration and modify the Threat Quota

D.

Write a GPO for each endpoint agent to check in less often

Question # 47

Which aspect of Cortex Xpanse allows for visibility over remote workforce risks?

A.

The ability to identify customer assets on residential networks

B.

The use of a VPN connection to scan remote devices

C.

The deployment of a Cortex Xpanse agent on the remote endpoint

D.

The presence of a portal for remote workers to use for posture checking

Question # 48

Which Cortex XDR capability prevents running malicious files from USB-connected removable equipment?

A.

Device customization

B.

Agent configuration

C.

Agent management

D.

Restrictions profile

Question # 49

What is the size of the free Cortex Data Lake instance provided to a customer who has activated a TMS tenant, but has not purchased a Cortex Data Lake instance?

A.

10 GB

B.

1 TB

C.

10 TB

D.

100 GB

Question # 50

"Bob" is a Demisto user. Which command is used to add "Bob" to an investigation from the War Room CLI?

A.

#Bob

B.

/invite Bob

C.

@Bob

D.

!invite Bob
