Halloween Special Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

Paloalto Networks PCSAE Palo Alto Networks Certified Security Automation Engineer Exam Practice Test

Page: 1 / 16
Total 156 questions

Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Question 1

What is the function of timer SLA fields in Cortex XSOAR?

Options:

A.

To track SLA breaches per playbook

B.

To run a script that executes on SLA assignment

C.

To automatically alert the analyst on SLA breach

D.

To count the time between one or more tasks

Question 2

An incident field is created having the display name as Source_IP. How can the field be accessed?

Options:

A.

${incident.sourceip}

B.

${incident.Source_IP}

C.

${incident.srcip}

D.

${incident.Source IP}

Question 3

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

Options:

A.

In repetitive process flows to iterate for each playbook input

B.

When continuously ingesting incidents from third-party systems

C.

In repetitive process flows with no more than 10 loops

D.

In repetitive processes that requires sub-playbook re-execution

Question 4

An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.

Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)

Options:

A.

Open a ticket with the XSOAR support team

B.

Create a pull request directly on Github

C.

Contribute through the XSOAR UI

D.

Send an email to contributions@xsoar.com

Question 5

To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?

Options:

A.

10,080 minutes (7 days)

B.

20,160 minutes (14 days)

C.

21,600 minutes (15 days)

D.

4,320 minutes (3 days)

Question 6

Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?

Options:

A.

reputation-script

B.

enrich

C.

reputationScript

D.

reputation

Question 7

Threat Intel search queries can be shared with which of the following? (Select 1)

Options:

A.

Users defined in the platform (email or username)

B.

Other organizations via the Marketplace

C.

Users outside XSOAR via email invite

D.

Roles defined in the platform

Question 8

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.

What is the main concern when adding these commands?

Options:

A.

The commands must return a proper result to the war room for the analysts to understand

B.

The code may not be written to XSOAR standards

C.

The integrations are locked and cannot be edited with additional commands

D.

The custom integration will not be maintained and updated by XSOAR content team

Question 9

When developing the playbook, which of the following can be used by a XSOAR Administrator?

Options:

A.

The Debugger panel to test data with one of last five incidents. This will affect the incident’s original incident data.

B.

Context data from existing incidents by exporting the YAML data from incidents and importing it to playbook editor.

C.

Debugger panel and XML data from a similar incident with New Mock Incident. This will not affect the incidents original incident data.

D.

The Debugger panel to test data with one of last fifty incidents. This will not affect the incident’s original incident data.

Question 10

An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

Options:

A.

Create a custom indicator field named ‘username’ and link it to the internal system indicator

B.

Change the reputation command for the internal system indicator type

C.

Create a new indicator type of the internal username and set a formatting script to extract only the

username

D.

Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Question 11

What will happen if a playbook debugger is left running for more than 24 hours?

Options:

A.

By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.

B.

The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically.

C.

The session will be running till stopped manually by administrator.

D.

By default, the system closes automatically any debugger session that have been open 180 minutes.

Question 12

An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing". Which command should they enter in the War Room CLI?

Options:

A.

!incidentSet description="Confirmed Phishing"

B.

/incidentSet description=Confirmed Phishing

C.

!setIncident description="Confirmed Phishing"

D.

/setIncident description=Confirmed Phishing

Question 13

By default, which components does an XSOAR implementation include?

Options:

A.

XSOAR server, XSOAR engine

B.

Application server, distributed DB server

C.

Application server, distributed DB server, Backup server

D.

All in one server

Question 14

Which two functions in XSOAR are incident types used for? (Choose two.)

Options:

A.

To run dedicated playbooks for different event types

B.

To classify events ingested from various sources into the relevant types

C.

To classify indicators extracted in XSOAR incidents to their respective types

D.

To facilitate role based access to XSOAR incidents

Question 15

What happens if both a Classifier and Incident Type are configured in an integration instance's settings?

Options:

A.

The administrator will receive a notification that there is both a Classifier and Incident Type set for that integration instance.

B.

The Incident Type will be ignored, and incoming incidents will be classified according to the Classifier.

C.

The Classifier will be ignored, and incoming incidents will be classified according to the Incident Type.

D.

Both the Classifier and Incident Type will classify incoming incidents.

Question 16

When uploading content, which two options could the upload include? (Choose two.)

Options:

A.

Indicators

B.

Incidents

C.

Reports

D.

Fields

Question 17

Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)

Options:

A.

Run Command, Export, and Close and Delete for all selected incidents regardless of their status

B.

Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status

C.

Run Command for all selected incidents having Active status

D.

Export incidents as JSON and change incident status

Question 18

Which field type should be used to hold more than 60,000 characters of unformatted text?

Options:

A.

Short Text

B.

HTML

C.

Long Text

D.

Markdown

Question 19

How is data transferred between playbook tasks?

Options:

A.

Read/Write from context data

B.

Over war room results

C.

Input from the indicator page

D.

Directly from a previous task

Question 20

How would context data be filtered to receive only malicious indicator values with DBotScore?

Options:

A.

Get DBotScore.value where DBotScore.Score (Larger or equals) 4

B.

Get DBotScore.value where DBotScore.Score (equals (int)) 3

C.

Get DBotScore where DBotScore.Score (Larger than) 1

D.

Get DBotScore where DBotScore.Score (Larger or equals) 2

Question 21

What are two common use cases for conditional tasks? (Choose two.)

Options:

A.

They are used for branching paths in a playbook

B.

They are used to interact with users through survey functionality

C.

They are used to determine which incident will be executed

D.

They are used for sending a specific QUESTION NO: to a person or team

Question 22

Which task type would be used to verify/check that an integration was enabled?

Options:

A.

Standard task

B.

Conditional task

C.

Section Header task

D.

Data Collection task

Question 23

At what stage during the incident lifecycle is an incident type assigned?

Options:

A.

Pre-processing

B.

Incident creation

C.

Classification

D.

Playbook execution

Page: 1 / 16
Total 156 questions