Palo Alto Networks Exam PSE-Endpoint Topic 1 Question 56 Discussion

Actual exam question for Palo Alto Networks's PSE Endpoint Professional Exam exam

Question #: 56
Topic #: 1

[All PSE Endpoint Professional Exam Questions]

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Show Suggested Answer

Suggested Answer: A

by Gail at Jan 25, 2024, 12:36 AM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Joanna

24 days ago

Haha, yeah, this is the kind of question that makes you feel like a real IT ninja. I'm just picturing the admin being like, 'Aha! Tricked you, Traps!'

upvoted 0 times

...

Sherill

25 days ago

Totally, option C is the way to go. Besides, who doesn't love a good ol' workaround? It's like we're being tested on our problem-solving skills here.

upvoted 0 times

Keneth

8 days ago

C) Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

upvoted 0 times

...

Aaron

9 days ago

A) add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

upvoted 0 times

...

Mammie

10 days ago

That makes sense. It's always good to find a workaround.

upvoted 0 times

...

Anastacia

11 days ago

C) Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

upvoted 0 times

...

Alana

12 days ago

A) add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

upvoted 0 times

...

Alecia

26 days ago

I agree with that logic. The question specifically says we can't alter the rest of the blacklist, so that rules out option D. And uninstalling and reinstalling the agent seems like overkill just to run ipconfig.exe.

upvoted 0 times

...

Rebecka

27 days ago

Hmm, this is an interesting one. I think the answer has to be C - creating a second Child Process Protection rule to whitelist ipconfig.exe. That way, we can maintain the existing blacklist without having to modify it directly.

upvoted 0 times

...