Palo Alto Networks Exam PSE-Endpoint Topic 2 Question 2 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam

Question #: 2
Topic #: 2

An administrator is testing an exploit that is expected to be blocked by the JIT Mitigation EPM protecting the viewer application in use. No prevention occurs, and the attack is successful.

In which two ways can the administrator determine the reason for the missed prevention? (Choose two.)

ACheck in the HKLM\SYSTEM\Cyvera\Policy registry key and subkeys whether JIT Mitigation is enabled for this application

BCheck if a Just-In-Time debugger is installed on the system

CCheck that the Traps libraries are injected into the application

DCheck that all JIT Mitigation functions are enabled in the HKLM\SYSTEM\Cyvera\Policy\Organization\Process\Default registry key

Show Suggested Answer

Suggested Answer: A, C

by Caprice at May 09, 2022, 08:33 AM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!