Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Palo Alto Networks Exam PSE-Endpoint Topic 1 Question 56 Discussion

Actual exam question for Palo Alto Networks's PSE-Endpoint exam
Question #: 56
Topic #: 1
[All PSE-Endpoint Questions]

Assume a Child Process Protection rule exists for powershell.exe in Traps v 4.0. Among the items on the blacklist is ipconfig.exe. How can an administrator permit powershell.exe to execute ipconfig.exe without altering the rest of the blacklist?

Show Suggested Answer Hide Answer
Suggested Answer: A

Contribute your Thoughts:

Joanna
8 months ago
Haha, yeah, this is the kind of question that makes you feel like a real IT ninja. I'm just picturing the admin being like, 'Aha! Tricked you, Traps!'
upvoted 0 times
...
Sherill
8 months ago
Totally, option C is the way to go. Besides, who doesn't love a good ol' workaround? It's like we're being tested on our problem-solving skills here.
upvoted 0 times
Keneth
8 months ago
C) Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.
upvoted 0 times
...
Aaron
8 months ago
A) add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.
upvoted 0 times
...
Mammie
8 months ago
That makes sense. It's always good to find a workaround.
upvoted 0 times
...
Anastacia
8 months ago
C) Create a second Child Process Protection rule for powershell.exe to whitelist ipconfig.exe.
upvoted 0 times
...
Alana
8 months ago
A) add ipconfig.exe to the Global Child Processes Whitelist, under Restriction settings.
upvoted 0 times
...
...
Alecia
8 months ago
I agree with that logic. The question specifically says we can't alter the rest of the blacklist, so that rules out option D. And uninstalling and reinstalling the agent seems like overkill just to run ipconfig.exe.
upvoted 0 times
...
Rebecka
8 months ago
Hmm, this is an interesting one. I think the answer has to be C - creating a second Child Process Protection rule to whitelist ipconfig.exe. That way, we can maintain the existing blacklist without having to modify it directly.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77