Palo Alto Networks Exam PSE-Endpoint Topic 1 Question 56 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam

Question #: 56
Topic #: 1

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Aadd ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

BUninstall and reinstall the traps agent.

CCreate a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

DRemove ipconfig.exe from the rule's blacklist.

Show Suggested Answer

Suggested Answer: A

by Gail at Jan 25, 2024, 12:36 AM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Joanna

11 months ago

Haha, yeah, this is the kind of question that makes you feel like a real IT ninja. I'm just picturing the admin being like, 'Aha! Tricked you, Traps!'

upvoted 0 times

...

Sherill

11 months ago

Totally, option C is the way to go. Besides, who doesn't love a good ol' workaround? It's like we're being tested on our problem-solving skills here.

upvoted 0 times

Keneth

10 months ago

C) Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

upvoted 0 times

...

Aaron

10 months ago

A) add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

upvoted 0 times

...

Mammie

10 months ago

That makes sense. It's always good to find a workaround.

upvoted 0 times

...

Anastacia

10 months ago

C) Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.

upvoted 0 times

...

Alana

10 months ago

A) add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.

upvoted 0 times

...

Alecia

11 months ago

I agree with that logic. The question specifically says we can't alter the rest of the blacklist, so that rules out option D. And uninstalling and reinstalling the agent seems like overkill just to run ipconfig.exe.

upvoted 0 times

...

Rebecka

11 months ago

Hmm, this is an interesting one. I think the answer has to be C - creating a second Child Process Protection rule to whitelist ipconfig.exe. That way, we can maintain the existing blacklist without having to modify it directly.

upvoted 0 times

...