Here you have the best Palo Alto Networks PSE-Cortex practice exam questions
What does the Cortex XSOAR "Saved by Dbot" widget calculate?
The Cortex XSOAR 'Saved by Dbot' widget calculates the amount of time saved by Dbot's machine learning (ML) capabilities. This widget helps to understand the efficiency and time-optimization benefits gained from the automation and intelligence provided by Dbot within the Cortex XSOAR platform.
How do sub-playbooks affect the Incident Context Data?
When a sub-playbook is set to private, task outputs do not automatically get written to the root context. This means that the outputs from the tasks within the sub-playbook are isolated and will not interfere with or modify the main incident context data directly. This mechanism helps to control the scope and impact of the playbook’s execution, ensuring that only relevant data is shared with the root context as needed.
Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)
GenericPolling playbooks are designed to repeatedly execute a set of tasks until a specific condition is met, allowing continuous monitoring or periodic checks as needed. Playbook tasks can be configured with conditions to loop through a group of tasks based on previous task outcomes, facilitating repeated executions within the same playbook. Thus, both options fulfill the requirement of allowing looping through a group of tasks during playbook execution.
Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.
What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?
The best method to block an IP address involved in command-and-control (C2) traffic without requiring a configuration change on the firewall is to have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall. EDLs are lists that can be dynamically updated and referenced by firewall policies to block or allow traffic. This method allows the firewall to automatically update its blocking rules based on the latest threat intelligence without needing manual configuration changes.
Which integration allows searching and displaying Splunk results within Cortex XSOAR?
The correct integration for searching and displaying Splunk results within Cortex XSOAR is the Splunk integration. The Splunk integration in Cortex XSOAR is designed to interact with Splunk, allowing users to search for data and fetch results directly from Splunk into Cortex XSOAR. While other integrations might exist, they serve different purposes or functionalities that are not specifically about searching and displaying Splunk results within Cortex XSOAR.