Palo Alto Networks Exam PSE-Endpoint Topic 1 Question 63 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam

Question #: 63
Topic #: 1

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Show Suggested Answer

Suggested Answer: A

by Nelida at May 08, 2024, 04:06 PM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Allene

1 years ago

So, looks like C then? It allows flexibility without messing with other rules.

upvoted 0 times

...

Hyun

1 years ago

C works better. Uninstalling and reinstalling the agent (B) is just too much hassle.

upvoted 0 times

...

Jill

1 years ago

I think C makes more sense. Creating another rule specifically for whitelisting ipconfig.exe sounds like a targeted approach.

upvoted 0 times

...

Lauran

1 years ago

I agree. D isn't a good option. Maybe A, adding to the Global Child Processes Whitelist?

upvoted 0 times

...

Georgeanna

1 years ago

Yeah, not sure about this one. Removing ipconfig.exe from the blacklist seems drastic.

upvoted 0 times

...

Dominic

1 years ago

This question seems tricky. What's the best way for powershell.exe to execute ipconfig.exe?

upvoted 0 times

...