PSE-ENDPOINT Online Practice Questions and Answers

Questions 4

In a scenario where macOS Traps logs fail to be uploaded to the forensic folder, where will the user on the macOS host be able to find the collected logs?

A. /ProgramData/Cyvera/Logs

B. /ProgramData/Cyvera/Everyone/Temp

C. /Library/Application Support/Cyvera/BITS Uploads/

D. /Library/Application Support/PaloAltoNetworks/Traps/Upload/

Questions 5

Traps agents use a default password for uninstallation in the event that they never communicate with their ESM server.

Identify the password.

A. PaloAlto!

B. Uninstall1

C. No password is required

D. Password1

Questions 6

The administrator has added the following whitelist to the WildFire Executable Files policy.

*\mysoftware.exe

What will be the result of this whitelist?

A. Users will not be able to run mysoftware.exe.

B. mysoftware.exe will be uploaded to WildFire for analysis.

C. mysoftware.exe will not be analyzed by WildFire regardless of the file location.

D. mysoftware.exe will not be analyzed by WildFire, but only if executed from the C drive.

Questions 7

When planning to test a software exploit using a Metasploit module, what two options should be considered about the victim host to ensure success?

A. USB port version of the victim host

B. Speed and make of the victim's RAM

C. Software version of the target application

D. platform, architecture, and patch level of the victim host

Questions 8

The administrator has downloaded the Traps_macOS_4.x.x.zip file. What are the next steps needed to successfully install the Traps 4.x for macOS agent?

A. Push the Traps_macOS_4.x.x.zip to the target endpoint(s), unzip it, and execute Traps.pkg

B. Unzip the Traps_macOS_4.x.x.zip, push the Traps pkg file to the target endpoint(s) and execute Traps.pkg

C. Create a one time action to install the Traps_macOS_4.x.x.zip file on the target endpoint(s)

D. Create an installation package using Traps_macOS_4.x.x on ESM, download the installationpackage.zip, push the installationpackage.zip to target endpoint(s), unzip it, and execute Traps.pkg

Questions 9

An administrator receives a number of email alerts indicating WildFire has prevented a malicious activity. All the prevention events refer to launching an Install Wizard that has received a benign verdict from WildFire. All prevention events are reported on a subset of endpoints that have recently been migrated from another Traps deployment. Which two troubleshooting actions are relevant to this investigation? (Choose two.)

A. Check that the servers xml file has been cleared on the migrated endpoints.

B. Check that the ClientInfoHash tag has been cleared on the migrated endpoints.

C. Check that the actions xml file has not been cleared on the migrated endpoints.

D. Check that the WildFire cache has been cleared on the migrated endpoints.

Questions 10

A company discovers through the agent health display in ESM Console that a certain Traps agent is not communicating with ESM Server. Administrators suspect that the problem relates to TLS/SSL. Which troubleshooting step determines if this is an SSL issue?

A. From the agent run the command: telnet (hostname) (port)

B. Check that the Traps service is running

C. From the agent run the command: ping (hostname)

D. Browse to the ESM hostname from the affected agent

Questions 11

When installing the ESM, what role must the database user be assigned in Microsoft SQL?

A. db_owner

B. db_securityadmin

C. db_datawriter

D. db_accessadmin

Questions 12

A customer plans to test the malware prevention capabilities of Traps. It has defined this policy. Local analysis is enabled. Quarantining of malicious files is enabled. Files are to be uploaded to WildFire.

No executables have been whitelisted or blacklisted in the ESM Console Hash Control screen. Malware sample A has a verdict of Malicious in the WildFire service. Malware sample B is unknown to WildFire. Which behavior will result?

A. WildFire will block sample A as known malware; sample B will be blocked as an unknown binary while the file is analyzed by WildFire for a final verdict.

B. Hash Control already knows sample A locally in the endpoint cache and will block it. Sample B will not be blocked by WildFire, but will be blocked by the local analysis engine.

C. WildFire will block sample A as known malware, and sample B will compromise the endpoint because it is new and ESM Server has not obtained the required signatures.

D. WildFire will block sample A as known malware; sample B will not be blocked by WildFire, but will be evaluated by the local analysis engine and will or will not be blocked, based on its verdict, until WildFire analysis determines the final verdict.

Questions 13

An administrator would like to add Google Chrome and Google Chrome Helper to the exploit prevention policy for macOS. In order to achieve this task, which option should be added to the macOS protected processes list?

A. chrome app

B. google chrome and google chrome helper

C. chrome*

D. google chrome

Questions 14

A company is using a Web Gateway/Proxy for all outbound connections. The company has deployed Traps within the domain and in testing, discovered that the ESM Servers are unable to communicate with WildFire. All other Traps features are working.

What is the most likely cause of the issue?

A. The administrator needs to configure WildFire proxy settings in each Agent Console.

B. The administrator needs to configure WildFire proxy settings in the ESM Console and in each Agent Console.

C. The Administrator needs to purchase the additional site license required for WildFire.

D. The Administrator needs to configure WildFire proxy settings in the ESM Console.

Questions 15

During installation of the ESM and the agent, SSL was enabled on an endpoint. However, the agent communication is failing. The services.log on the endpoint has the following error.

"An error occurred while making the HTTP request to https://hostname:2125/CyveraServer/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server."

Which certificate can be imported on the endpoint to solve this issue? Assume the hostname is a valid FQDN and the ESM Server and Console have different certificates.

A. ESM Server Public Certificate

B. ESM Server Self-Signed Certificate

C. ESM Console Self-Signed Certificate

D. ESM Console Public Certificate

Questions 16

Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)

A. File Recovery

B. Server Authentication

C. Client Authentication

D. Key Recovery

Questions 17

Files are not getting a WildFire verdict.

What is one way to determine whether there is a BITS issue?

A. Check the upload status in the hash control screen.

B. Run a telnet command between Traps agent and ESM Server on port 2125.

C. Use PowerShell to test upload using HTTP POST method.

D. Initiate a "Send support file" from the agent.

Questions 18

An administrator has decided to test Traps functionality using malware samples in an isolated nonproduction environment. In order to effectively test Traps, what three types of samples should the administrator avoid? (Choose three.)

A. A sample with a low number of hits in VirusTotal.

B. An MS Office document which contains a ransomware macro.

C. A sample known to be flagged as grayware by Traps.

D. A freeware video application which spawns malicious processes.

E. A sample known to generate false positives in the production environment.

Exam Code: PSE-ENDPOINT
Exam Name: PSE: Endpoint – Professional
Last Update: Apr 28, 2024
Questions: 45 Q&As
