Palo Alto Networks PSE-Endpoint Quiz 1 Topic 1 Questions 1-5

Question: 1

An administrator receives a number of email alerts indicating WildFire has prevented a malicious activity. All the prevention events refer to launching an Install Wizard that has received a benign verdict from WildFire. All prevention events are reported on a subset of endpoints, that have recently been migrated Mom another Traps deployment.

Which two troubleshooting actions are relevant to this investigation? (Choose two.)

ACheck that the servers xml file has been cleared on the migrated endpoints.

BCheck that the ClientInfoHash tag has been cleared on the migrated endpoints.

CCheck that the actions xml file has not been cleared on the migrated endpoints.

DCheck that the WildFire cache has been cleared on the migrated endpoints.

Show Answer

Question: 2

The ESM policy is set to upload unknowns to WildFire. However, when an unknown is executed the Upload status in ESM Console never displays "Upload in progress", and the verdict remains local analysis or unknown. Even clicking the upload button and checking in does not resolve the Issue. A line in the log file suggests not being able to download a file from "https:/ESMSERVER/BitsUploads/â€¦ to C:ProgramDataCyveraTemp..."

Which solution fixes this problem?

ARestart BITS service on the endpoint

BRestart BITS service on ESM

CRemove and reinstall all the agents without SSL

DIn the ESM Console, use the FQDN in multi ESM

Show Answer

Question: 3

An administrator is testing an exploit that is expected to be blocked by the JIT Mitigation EPM protecting the viewer application in use. No prevention occurs, and the attack is successful.

In which two ways can the administrator determine the reason for the missed prevention? (Choose two.)

ACheck in the HKLM\SYSTEM\Cyvera\Policy registry key and subkeys whether JIT Mitigation is enabled for this application

BCheck if a Just-In-Time debugger is installed on the system

CCheck that the Traps libraries are injected into the application

DCheck that all JIT Mitigation functions are enabled in the HKLM\SYSTEM\Cyvera\Policy\Organization\Process\Default registry key

Show Answer

Question: 4

An administrator is installing ESM Core 4.0. The SQL Server is running on a non-standard port (36418). The database connection validation is failing. The administrator has entered the following information:

Server Name: ServernameInstance

Database: TrapsDB

User Name: DomainAccount

What is causing the failure?

AThe database name 'TrapsDB' is unsupported

BThe instance name should not be specified

CThe non-standard port needs to be specified in the format TrapsDB,36418

DThe destination port cannot be configured during installation

Show Answer

Question: 5

An administrator can check which two indicators to verity that Traps for Mac is running correctly on an installed endpoint? (Choose two.)

AUse cytool from the command line interface to display the running Traps agent services.

BIn the Activity Monitor, verify that CyveraSecvice is running

CPing other Traps agents from the macOS agent

DVerity that the Traps agent icon is displayed on the macOS finder bar.

Show Answer

Palo Alto Networks PSE-Endpoint Quiz:1 Topic:1 Questions:1-5