ExamGecko
Search Search Login
Ask QuestionAsk Question

Palo Alto Networks PCSAE Practice Test - Questions Answers

Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Incidents need to be filtered by all of the following criteria:
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context. How can the engineer save the data so it will be accessible?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)

Question 1

Report
Export
Collapse

Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

A.
Set a field trigger script
A.
Set a field trigger script
Answers
B.
Associate to an incident type
B.
Associate to an incident type
Answers
C.
Change field type
C.
Change field type
Answers
D.
Change field name
D.
Change field name
Answers
Suggested answer: A, B

Explanation:

Reference: https://docs.servicenow.com/bundle/quebec-it-servicemanagement/page/product/incident- management/reference/incident-managementproperties.html

asked 23/09/2024
MIGUEL PARADA VAZQUEZ
34 questions

Question 2

Report
Export
Collapse

Given an incident with three files, how could the name of the second file be referenced?

A.
${Files.[2].Name}
A.
${Files.[2].Name}
Answers
B.
${Files.Name.[2]}
B.
${Files.Name.[2]}
Answers
C.
${File.[1].Name}
C.
${File.[1].Name}
Answers
D.
${File.Name.[1]}
D.
${File.Name.[1]}
Answers
Suggested answer: D
asked 23/09/2024
Kevin Brigitta
27 questions

Question 3

Report
Export
Collapse

Which component can be part of a load balancing group?

A.
Distributed database
A.
Distributed database
Answers
B.
D2 agent
B.
D2 agent
Answers
C.
Engine
C.
Engine
Answers
D.
Load balancing server
D.
Load balancing server
Answers
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/engines/understand- demisto-engines.html

asked 23/09/2024
Antonio Pombo
36 questions

Question 4

Report
Export
Collapse

Which method accesses a field called ‘User Mail’ in a playbook?

A.
${incident.usermail}
A.
${incident.usermail}
Answers
B.
${incident.User Mail}
B.
${incident.User Mail}
Answers
C.
${incident.UserMail}
C.
${incident.UserMail}
Answers
D.
${usermail}
D.
${usermail}
Answers
Suggested answer: A
asked 23/09/2024
Akhil Borkar
40 questions

Question 5

Report
Export
Collapse

A SOC manager built a dashboard and would like to share the dashboard with other team members.

How would the SOC manager create a dashboard that meets this requirement?

A.
Manually share the dashboard through user emails
A.
Manually share the dashboard through user emails
Answers
B.
Dashboard is shared to all XSOAR users
B.
Dashboard is shared to all XSOAR users
Answers
C.
Propagate the dashboard based on SAML authentication
C.
Propagate the dashboard based on SAML authentication
Answers
D.
Dashboard is shared to all XSOAR users in a selected role
D.
Dashboard is shared to all XSOAR users in a selected role
Answers
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoaradmin/dashboards/share- a-dashboard.html

asked 23/09/2024
Kenny McCue
32 questions

Question 6

Report
Export
Collapse

Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

A.
setFields
A.
setFields
Answers
B.
Field mapping
B.
Field mapping
Answers
C.
setIncident
C.
setIncident
Answers
D.
Layout inline editing
D.
Layout inline editing
Answers
Suggested answer: B, C
asked 23/09/2024
James Brion
37 questions

Question 7

Report
Export
Collapse

DRAG DROP

Match the action with the most appropriate playbook task type.


Question 7
Correct answer: Question 7

Explanation:

https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html

asked 23/09/2024
Andres Mauricio Rodriguez
35 questions

Question 8

Report
Export
Collapse

Which built-in automation/command cab be used to change an incident’s type?

A.
setIncident
A.
setIncident
Answers
B.
Set
B.
Set
Answers
C.
GetFieldsByIncidentType
C.
GetFieldsByIncidentType
Answers
D.
modifyIncidentFields
D.
modifyIncidentFields
Answers
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/incidents/incidents- management/incident-fields/field-trigger-scripts.html

asked 23/09/2024
Ivan Ivanov
31 questions

Question 9

Report
Export
Collapse

An engineer notices that playbooks only start once the user clicks the ‘investigate’ button and he/she would like the playbook to start automatically.

How can this be implemented?

A.
Add the playbook to the integration’s settings
A.
Add the playbook to the integration’s settings
Answers
B.
Select ‘Run playbook automatically’ from the incident type settings
B.
Select ‘Run playbook automatically’ from the incident type settings
Answers
C.
Add the !startinvestigation automation to the beginning of the playbook
C.
Add the !startinvestigation automation to the beginning of the playbook
Answers
D.
Select ‘Run playbook automatically’ from the integration settings
D.
Select ‘Run playbook automatically’ from the integration settings
Answers
Suggested answer: B
asked 23/09/2024
Akash Makkar
35 questions

Question 10

Report
Export
Collapse

Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

A.
The ’Fetches Incidents’ option may not have been enabled
A.
The ’Fetches Incidents’ option may not have been enabled
Answers
B.
There are no new events from the external service
B.
There are no new events from the external service
Answers
C.
The first fetch should be manually triggered to start the fetching process
C.
The first fetch should be manually triggered to start the fetching process
Answers
D.
It can take up to 1-hour before incidents are initially fetched
D.
It can take up to 1-hour before incidents are initially fetched
Answers
Suggested answer: A, B
asked 23/09/2024
Ajayi Johnson
45 questions
Total 157 questions
Go to page: of 16
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy policy
Terms
Disclaimer
Refund policy
Copyright
Twitter X
Facebook
Medium