Palo Alto Networks Exam PSE-Endpoint Topic 1 Question 55 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam

Question #: 55
Topic #: 1

An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?

AThe new rule stops all EPM injection into the faulted process.

BThe new rule stops all EPM injection into processes on the machine on which the prevention was triggered.

CThe new rule excludes the endpoint from Traps protection.

DThe new rule will include the EPM that raised the prevention, the process that triggered the prevention, the machine on which the prevention was triggered, and a descriptive name for the rule.

Show Suggested Answer

Suggested Answer: B

by Fabiola at Dec 21, 2023, 01:39 PM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Chandra

7 months ago

Haha, yeah D does sound a bit too perfect. Knowing these exams, they probably want us to find the most specific and targeted solution. I'm leaning towards option B as the best answer.

upvoted 0 times

Adelle

6 months ago

Yeah, I feel good about our decision. Option B it is!

upvoted 0 times

...

Audry

6 months ago

Great, we're on the same page here. Option B it is!

upvoted 0 times

...

Rory

6 months ago

Let's go with option B then, it seems like the most practical choice.

upvoted 0 times

...

Latonia

6 months ago

I've had success with similar approaches before, so I'm confident in option B.

upvoted 0 times

...

Thersa

6 months ago

Definitely, that way we can prevent the same issue from happening again.

upvoted 0 times

...

Howard

6 months ago

Yeah, I think focusing on stopping EPM injection into processes on the same machine makes the most sense.

upvoted 0 times

...

Honey

6 months ago

I agree, option B seems like the most targeted solution.

upvoted 0 times

...

Percy

7 months ago

Hmm, I could see it being option B or C. Stopping all EPM injection on that machine seems plausible, or excluding the endpoint from Traps protection. Although D does sound comprehensive, almost too good to be true.

upvoted 0 times

...

Tegan

7 months ago

That's a good point. Maybe the rule is meant to prevent that specific EPM injection from triggering a prevention in the future? Or to exclude that process from Traps altogether?

upvoted 0 times

...