Question No. 1

A large manufacturer is planning to roll out Traps to 75,000 endpoints. Their environment consists of three major sites with 24,000 endpoints each, plus about 3,000 remote endpoints in smaller remote locations using always-on VPN connections to a single one of the major sites. The customer wants to minimize network traffic between the major sites, but all endpoints have internet access. The customer is looking for a centrally managed solution with common reporting and management for all endpoints in the environment.

Which design option would be appropriate for this environment?

APlace the Traps database. ESM Console and two ESM core servers in the large site hosting the VPN gateway, and force all endpoints to use VPN at all times.

BPlace the Traps database, ESM Console and seven ESM core servers in a public-cloud environment where the ESM Core servers are accessible from the internet.

CPlace a Traps database, ESM Console and an ESM core server in each of the three large sites.

DPlace the Traps database and ESM Console in one of the major sites, and one ESM core server in each of the three major sites.

Show Answer

Correct Answer: D

Question No. 2

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Show Answer

Correct Answer: A

Question No. 3

An administrator can check which two indicators to verity that Traps for Mac is running correctly on an installed endpoint? (Choose two.)

AUse cytool from the command line interface to display the running Traps agent services.

BIn the Activity Monitor, verify that CyveraSecvice is running

CPing other Traps agents from the macOS agent

DVerity that the Traps agent icon is displayed on the macOS finder bar.

Show Answer

Correct Answer: B, D

Question No. 4

An administrator has a critical group of systems running Windows XP SP3 that cannot be upgraded. The administrator wants to evaluate the ability of Traps to protect these systems and the word processing applications running on them.

How should an administrator perform this evaluation?

ARun a known 2015 flash exploit on a Windows XP SP3 VM, and run an exploitation tool that acts as a listener. Use the results to demonstrate Traps capabilities.

BRun word processing exploits in a Windows 7 VM in a controlled and isolated environment. Document indicators of compromise and compare to Traps protection capabilities.

CPrepare a Windows 7 VM. Gather information about the word processing applications, determine if some of them are vulnerable, and prepare a working exploit for at least one of them. Execute with an exploitation tool.

DGather information about the word processing applications and run them on a Windows XP SP3 VM. Determine if any of the applications are vulnerable and run the exploit with an exploitation tool.

Show Answer

Correct Answer: A

Question No. 5

Which two are valid optional parameters when upgrading Traps agent from the ESM console using Upgrade from path? (Choose two.)

AConditions

BProcesses

CESM Server

DTarget Objects

EFeatures

Show Answer

Correct Answer: A, D

Free Palo Alto Networks PSE-Endpoint Exam Actual Questions

The questions for PSE-Endpoint were last updated On Jan 19, 2025