Palo Alto Networks Exam PSE-Endpoint Topic 2 Question 69 Discussion

Actual exam question for Palo Alto Networks's PSE Endpoint Professional Exam exam

Question #: 69
Topic #: 2

[All PSE Endpoint Professional Exam Questions]

An Administrator has identified an EPM-triggered false positive and has used the Create Rule button from within the relevant entry in the Security Events > Preventions > Exploits tab. What is the result of the created rule?

AThe new rule stops all EPM injection into the faulted process.

BThe new rule stops all EPM injection into processes on the machine on which the prevention was triggered.

CThe new rule excludes the endpoint from Traps protection.

DThe new rule will include the EPM that raised the prevention, the process that triggered the prevention, the machine on which the prevention was triggered, and a descriptive name for the rule.

Show Suggested Answer

Suggested Answer: B

by Ilona at Jul 13, 2024, 09:45 AM

Limited Time Offer

25%

Off

Get Premium PSE-Endpoint Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Marisha

28 days ago

This question is like a game of whack-a-mole. You fix one issue, and another pops up! I hope the right answer is in there somewhere.

upvoted 0 times

Art

8 days ago

B) The new rule stops all EPM injection into processes on the machine on which the prevention was triggered.

upvoted 0 times

...

Kayleigh

10 days ago

A) The new rule stops all EPM injection into the faulted process.

upvoted 0 times

...

Tarra

1 months ago

I think it might be option B, as it mentions stopping EPM injection into processes on the machine.

upvoted 0 times

...

Kenneth

1 months ago

Okay, I'm leaning towards A. If the admin is trying to address a false positive, they probably want to stop all EPM injection into the faulted process, right?

upvoted 0 times

Beatriz

16 days ago

User 3: I agree with Beatriz. A seems like the most logical option in this scenario.

upvoted 0 times

...

Barbra

18 days ago

User 2: I see your point, but I still believe it's A. Stopping all EPM injection into the faulted process makes sense to address the false positive.

upvoted 0 times

...

Salley

23 days ago

User 1: I think it's actually D. The new rule will include all the necessary details for the specific prevention.

upvoted 0 times

...

Hyman

1 months ago

But option D mentions including specific details in the rule, which seems more comprehensive.

upvoted 0 times

...

Dalene

1 months ago

I'm going with D. The rule should include all the relevant details like the EPM, process, machine, and a descriptive name. Seems like the most comprehensive option.

upvoted 0 times

...

Carmen

1 months ago

Hmm, I think the answer is B. The new rule should stop all EPM injection into processes on the machine where the prevention was triggered, not just the faulted process.

upvoted 0 times