Palo Alto Networks PSE-Cortex Exam - Topic 1 Question 38 Discussion

Actual exam question for Palo Alto Networks's PSE-Cortex exam

Question #: 38
Topic #: 1

An administrator of a Cortex XDR protected production environment would like to test its ability to protect users from a known flash player exploit.

What is the safest way to do it?

AThe administrator should attach a copy of the weapomzed flash file to an email, send the email to a selected group of employees, and monitor the Events tab on the Cortex XDR console

BThe administrator should use the Cortex XDR tray icon to confirm his corporate laptop is fully protected then open the weaponized flash file on his machine, and monitor the Events tab on the Cortex XDR console.

CThe administrator should create a non-production Cortex XDR test environment that accurately represents the production environment, introduce the weaponized flash file, and monitor the Events tab on the Cortex XDR console.

DThe administrator should place a copy of the weaponized flash file on several USB drives, scatter them around the office and monitor the Events tab on the Cortex XDR console

Show Suggested Answer

Suggested Answer: C

by Blondell at May 27, 2023, 01:33 PM

Limited Time Offer

25%

Off

Get Premium PSE-Cortex Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Nada

3 months ago

I thought Flash was dead? Why are we even testing this?

upvoted 0 times

...

Rebbecca

3 months ago

Scattering USB drives? That sounds risky and kinda silly.

upvoted 0 times

...

Fausto

4 months ago

Wait, why would anyone use option A? That's just asking for trouble.

upvoted 0 times

...

Kirby

4 months ago

Totally agree, testing in a non-production environment is key!

upvoted 0 times

...

Curt

4 months ago

Option C seems like the safest bet.

upvoted 0 times

...

Eura

4 months ago

I have a vague recollection that testing directly on production systems is risky, so I wouldn't choose A or B.

upvoted 0 times

...

Alica

4 months ago

I feel like we practiced a similar question where using a test environment was emphasized. Option C sounds familiar.

upvoted 0 times

...

Laurel

5 months ago

I'm not entirely sure, but I think sending an email with the exploit could lead to unintended consequences.

upvoted 0 times

...

Elfrieda

5 months ago

I remember discussing the importance of testing in a safe environment, so option C seems like the best choice.

upvoted 0 times

...

Lisandra

5 months ago

I'm a bit confused on this one. Is the ICM script also required, or is that just for the overall call flow? I'll have to double-check my understanding.

upvoted 0 times

...

Curt

5 months ago

The Interoperability Matrix Tool and Active IQ Config Advisor seem like the way to go here. I'm confident those will help me verify the compatibility I need.

upvoted 0 times

...

Jacqueline

5 months ago

I'm a bit confused by the wording of these options. Are they trying to trick us or is this a straightforward question? I'll have to re-read it a few times to make sure I'm not missing something.

upvoted 0 times

...

Lyda

5 months ago

Okay, let me see. I know other comprehensive income is for items that aren't included in net profit or loss, so it's probably not B, C, or D since those seem more like income statement items. I'm leaning towards A, but I'll double-check my notes just to be sure.

upvoted 0 times

...