Updated Palo Alto Networks PSE-Endpoint Exam Dumps

Question No: 1

MultipleChoice

The ESM policy is set to upload unknowns to WildFire. However, when an unknown is executed the Upload status in ESM Console never displays "Upload in progress", and the verdict remains local analysis or unknown. Even clicking the upload button and checking in does not resolve the Issue. A line in the log file suggests not being able to download a file from "https:/ESMSERVER/BitsUploads/... to C:\ProgramData\Cyvera\Temp\..."

Which solution fixes this problem?

Options

ARestart BITS service on the endpoint

BRestart BITS service on ESM

CRemove and reinstall all the agents without SSL

DIn the ESM Console, use the FQDN in multi ESM

Question No: 2

MultipleChoice

An administrator has decided to test Traps functionality using malware samples in an isolated non-production environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

Options

AA sample with a low number of hits in Virus Total

BAn MS Office document which contains a ransomware macro

CA sample known to be flagged as grayware by Traps

DA freeware video application which spawns malicious processes

EA sample known to generate false positives in the production environment.

Question No: 3

MultipleChoice

Traps agents use a default password for uninstallation in the event that they never communicate with their ESM server. Identify the password.

Options

APaloAlto!

BUninstall1

CNo password is required

DPassword1

Question No: 4

MultipleChoice

Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?

Options

Amsiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1

Bmsiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1

Cmsiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1

Dmsiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1

Question No: 5

MultipleChoice

A customer has an environment with the following:

• 1,000 agents communicating over SSL with two servers - one containing the ESM Server and another one where the ESM Console is installed

• BitsUploads resides on the ESM Console server

• ESM Server and Console are using the default pods tor communication

In a scenario where a file is failing to be uploaded from macOS, which three reasons could be directly related to the failure? (Choose three.)

Options

ATraps agent is not able to check in with the ESM Server

BThe rate of upload is lower than 100Kb/S

CThe BITS address in the ESM is incorrect

DPort 2125 is blocked on the server which hosts BitsUploads

EPort 443 is blocked on the server which hosts BitsUploads

Question No: 6

MultipleChoice

The administrator has added the following whitelist to the WildFire Executable Files policy.

*mysoftware.exe

What will be the result of this whitelist?

Options

Ausers will not be able to run mysoftware.exe.

Bmysoftware.exe will be uploaded to WildFire for analysis

Cmysoftware.exe will not be analyzed by WildFire regardless of the file location.

Dmysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.

Question No: 7

MultipleChoice

An administrator would like to add Google Chrome and Google Chrome Helper to the exploit prevention policy for macOS. In order to achieve this task, which option should be added to the macOS protected processes list?

Options

Achrome app

Bgoogle chrome and google chrome helper

Cchrome*

Dgoogle chrome

Question No: 8

MultipleChoice

Files are not getting a WildFire verdict.

What is one way to determine whether there is a BITS issue?

Options

ACheck the upload status in the hash control screen

BRun a telnet command between Traps agent and ESM Server on port 2125

CUse PowerShell to test upload using HTTP POST method

DInitiate a 'Send support file' from the agent

Question No: 9

MultipleChoice

A deployment contains some machines that are not part of the domain. The Accounting and Sales departments are two of these.

How can a policy of WildFire notification be applied to Accounting, and a policy of WildFire prevention be applied to Sales, while not affecting any other WildFire policies?

Options

ACreate the rules and use the Objects tab to add Accounting and Sales to each rule they should apply to.

BCreate a condition for an application found on an Accounting machine. Use that condition for the Accounting groups rule, and create the rule tor Sales without any conditions.

CCreate two rules for WildFire: one for prevention, and one for notification. Make sure the Accounting rule is numbered higher.

DCreate group-specific registry entries on endpoints. Use these registry entries to create conditions for the WildFire rules

Question No: 10

MultipleChoice

A company is using a Web Gateway/Proxy for all outbound connections. The company has deployed Traps within the domain and in testing, discovered that the ESM Servers are unable to communicate with WildFire. All other Traps features are working. What is the most likely cause of the issue?

Options

AThe administrator needs to configure WildFire proxy settings in each Agent Console.

BThe administrator needs to configure WildFire proxy settings in the ESM Console and in each Agent Console.

CThe Administrator needs to purchase the additional site license required for WildFire.

DThe Administrator needs to configure WildFire proxy settings in the ESM Console.

Question No: 11

MultipleChoice

Which software category is most likely to cause a conflict with the Traps agent?

Options

AExploit prevention software

BWeb browser software

CWeb meeting and collaboration software

DFull disk encryption software

Question No: 12

MultipleChoice

What is the default interval for Traps agents to communicate via heartbeat to the ESM?

Options

AEvery 1 Minute

BEvery 1 Hour

CEvery 1 Day

DEvery 1 year

Question No: 13

MultipleChoice

In a scenario that macOS Traps logs failed to be uploaded to the forensic folder, where will the user on the macOS host be able to find to collected logs?

Options

A/ProgramData/Cyvera/Logs

B/ProgramData/Cyvera/Everyone/Temp

C/Library/Application Support/Cyvera/BITS Uploads/

D/Library/Application Support/PaloAltoNetworks/Traps/Upload/

Question No: 14

MultipleChoice

An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?

Options

AThe new rule stops all EPM injection into the faulted process.

BThe new rule stops all EPM injection into processes on the machine on which the prevention was triggered.

CThe new rule excludes the endpoint from Traps protection.

DThe new rule will include the EPM that raised the prevention, the process that triggered the prevention, the machine on which the prevention was triggered, and a descriptive name for the rule.

Question No: 15

MultipleChoice

Traps agents use a default password for uninstallation in the event that they never communicate with their ESM server. Identify the password.

Options

APaloAlto!

BUninstall1

CNo password is required

DPassword1

Question No: 16

MultipleChoice

An ESM server’s SSL certificate needs two Enhanced Key Usage purposes:

Client Authentication and ________________

Options

AServer Authentication

BFile Recovery

CIP Security User

DIP Security Tunnel Termination

Question No: 17

MultipleChoice

To ensure that the Traps VDI tool can obtain verdicts for all unknown files what are the things that needs to be checked? Assuming ESM Console and ESM Server are on different servers. (Choose two.)

Options

AESM Server can access WildFire Server

BEndpoint can access WildFire Server

CESM Console can access WildFire Server

DEndpoint can access ESM Server

Question No: 18

MultipleChoice

There are two custom policy rules in ESM Console. Policy rule number 1000 turns ROP off for winword.exe. Policy rule number 1001 turns ROP on for winword.exe

What is the ROP module status for winword.exe?

Options

ADue to the collision in the policy rules, ROP is enabled in notification mode.

BThe lower numbered policy rule takes precedence. ROP is off for winword.exe

CThe higher numbered policy rule takes precedence. ROP is on for winword.exe

DThe default policy rule takes precedence over both policy rules 1000 and 1001 and disables ROP for winword.exe

Question No: 19

MultipleChoice

An administrator receives an alert indicating the ESM service is not starting on the ESM Server. When the administrator tries to start the service manually, the administrator receives an error. "The Endpoint Security Manager service on Local Computer started and then stopped."

What is the cause of the failure?

Options

AThe Account assigned to the service does not have 'Log on as a batch job' permissions on the machine.

BThe Account assigned to the service does not have ''Log on as a service' permissions on the machine.

CThe Account assigned to the service is not the Local Administrator on the machine.

DThe Account assigned to the service is not an Active Directory Domain user.

Question No: 20

MultipleChoice

Which is the proper order of tasks that an administrator needs to perform to successfully create and install Traps 4.x for macOS agents?

Options

ADownload ClientUpgradePackage_4.x.x.zip from the support portal. Copy ClientUpgradePackage_4.x.x.zip to target endpoint. Unzip and run traps pkg.

BDownload ClientUpgradePackage.zip from the support portal. Create installation package on ESM using .zip file, download installpackage.zip file. Copy installpackage.zip to target endpoint. Unzip and run traps pkg.

CDownload Traps_macOS_4.x.x.zip from the support portal. Copy Traps_macOS_4.x.x.zip to target endpoint. Unzip and run traps pkg.

DDownload Traps_macOS_4.x.x.zip from the support portal. Create installation package on ESM using .zip file, download installpackage.zip file. Copy installpackage.zip to target endpoint. Unzip and run traps pkg.

Free Palo Alto Networks PSE-Endpoint Exam Dumps June 2026