PSE Endpoint – Professional

Overview
This document is the Study Guide for the Palo Alto Networks Systems Engineer: Endpoint Professional Certification Exam, abbreviated as PSE: Endpoint – P. The 3.4 release of this exam is its initial release.
This exam will accredit that the successful candidate has the knowledge and skills necessary to position Traps, deliver a proof of concept, and provide support for the entire engagement where needed.
Individuals will be able to help with customer success and help customers with software upgrade planning.

Prerequisites
You should complete the following prerequisites before attempting this exam:

• The equivalent of six months’ experience working full-time with the Palo Alto Networks security platform
• Three to five years’ experience in the endpoint security space

The following are recommended but not required:
• Successful completion of either PSE: Endpoint Associate training or the Traps: Install, Configure, and Manage (EDU-281) course
• Passing the PSE: Endpoint Associate examination
• Successful completion of either the Traps Deployment Workshop or the Traps: Deploy and Optimize (EDU-285) course

The scope of the exam is Traps 3.4. Knowledge of prior releases of Traps is not required. All items on the exam should be interpreted in a Traps 3.4 context.

Exam Format
The test format is approximately 45 multiple-choice items. Some items require a single correct response, and others require that the candidate select more than one correct answer.
Native English speakers will have 45 minutes to complete the items. Non-native English speakers will have 75 minutes to complete the items.

Testing Objectives and Sample Questions
Here are the Testing Objectives and some Sample Questions for this exam. Each exam item is designed to test competence on a single Testing Objective. The Testing Objectives are grouped by Knowledge Domains. Upon completing the exam, you will receive feedback about your performance at the Domain level.

Analyze the Customer’s Environment
Objectives:
• Given a scenario, identify how to design a Traps deployment that uses multiple ESMs without a load balancer.
• Given a scenario where a customer wants to deploy Traps in a VDI environment, identify the steps to prepare the image.
• Given a scenario where a customer is using an internet proxy, configure the ESM Server to communicate with WildFire.
• Identify common software categories that will and will not work with Traps.

Install the Product
• Given a scenario about the installation of Traps, identify the components that should be included to install IIS.
• Identify the correct version of .NET to be installed.
• Given an attack scenario, identify the appropriate Palo Alto Networks threat prevention component.
• Identify the purpose of SSL Certificates and identify how to create an SSL Certificate request.
• Given a scenario about the installation of Traps, identify hardware compliance.
• Given a scenario about installing an ESM and the database connection fails, troubleshoot the failure.
• Given a scenario about installing an ESM where the SSL agent-to-server communication is failing, troubleshoot the failure.
• Given a scenario about installing an ESM, troubleshoot user permissions setup.
• Identify the MSI parameters that can be modified.
• Calculate the average annual database storage utilization for a given number of endpoints.

Verify Traps Functionality
• Given a scenario where a self-signed SSL certificate is being used and communication is failing, troubleshoot the failure.
• Given a scenario about failing file uploads, troubleshoot the BITS communication.
• Identify system and traffic issues utilizing Web UI and CLI tools.
• Given a scenario in which Traps fails to inject its drivers to a process, troubleshoot the failure.
• Given a scenario in which agent-to-server file uploads are successful but the server cannot upload to WildFire, troubleshoot the failure.
• Given a scenario where the ESM services are not starting, troubleshoot the failure.

Policy Configuration
• Given a scenario about a customer who wants to conduct malware testing, identify how the policy should be configured.
• Given rules, identify which rules will be enforced.
• Given a scenario, identify how to use rule merging capabilities.
• Given a scenario, troubleshoot a false positive WildFire verdict.
• Identify the heartbeat intervals that can be set.

Test Traps Efficacy
• Given a scenario testing software exploitation, identify the environment that should be used.
• Given a scenario about testing vulnerable software, determine the tools and methodology to locate software with identified vulnerabilities.
• Given a scenario including the need to exploit a vulnerability, locate an applicable exploit within Metasploit.
• Describe how to configure and run a Metasploit module at the level of Metasploit console.
• Given a scenario about testing software exploitation prevention and the exploit is not prevented, preliminarily troubleshoot the situation.
• Given a scenario where a customer wants to test malware samples against Traps, identify the types of samples that should be avoided.
• Given a scenario about restricting execution of a specific executable, identify the most effective local folder restriction to apply.

Post-Sales: Live Deployment
• Given a database migration, identify the next step in the process or troubleshoot any issues.

QUESTION 1
To ensure that the Traps VDI tool can obtain verdicts for all unknown files, which things need to be checked?
Assume the ESM Console and ESM Server are on different servers. (Choose two.)

A. ESM Server can access WildFire Server
B. Endpoint can access WildFire Server
C. ESM Console can access WildFire Server
D. Endpoint can access ESM Server

Answer: A,D

QUESTION 2
Which set of modules must be loaded and configured when using Metasploit?

A. Attacker, payload
B. Exploit, payload
C. Exploit, malware
D. Malware, host

Answer: C

QUESTION 3
Which MSI command line parameters will successfully install a Traps agent using SSL and pointed to server ESM?

A. msiexec /i c:\traps.msi /qn TRAPS_SERVER=ESM USE_SSL_PRIMARY=1
B. msiexec /i c:\traps.msi /qn CYVERA_SERVER=ESM USE_SSL_PRIMARY=1
C. msiexec /i c:\traps.msi /qn ESM_SERVER=ESM USE_SSL_PRIMARY=1
D. msiexec /x c:\traps.msi /qn SERVER=ESM USE_SSL_PRIMARY=1

Answer: B

QUESTION 4
Which two enhanced key usage purposes are necessary when creating an SSL certificate for an ESM server? (Choose two.)

A. File Recovery
B. Server Authentication
C. Client Authentication
D. Key Recovery

Answer: B,C

QUESTION 5
In a scenario where macOS Traps logs failed to be uploaded to the forensic folder, where will the user on the macOS host be able to find the collected logs?

A. /ProgramData/Cyvera/Logs
B. /ProgramData/Cyvera/Everyone/Temp
C. /Library/Application Support/Cyvera/BITS Uploads/
D. /Library/Application Support/PaloAltoNetworks/Traps/Upload/

Answer: D
