ExamGecko

Palo Alto Networks PCSAE Practice Test - Questions Answers

Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

A. Set a field trigger script
B. Associate to an incident type
C. Change field type
D. Change field name
Suggested answer: A, B

Explanation:

Reference: https://docs.servicenow.com/bundle/quebec-it-servicemanagement/page/product/incident-management/reference/incident-managementproperties.html

Given an incident with three files, how could the name of the second file be referenced?

A. ${Files.[2].Name}
B. ${Files.Name.[2]}
C. ${File.[1].Name}
D. ${File.Name.[1]}
Suggested answer: D

Which component can be part of a load balancing group?

A. Distributed database
B. D2 agent
C. Engine
D. Load balancing server
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/engines/understand-demisto-engines.html

Which method accesses a field called ‘User Mail’ in a playbook?

A. ${incident.usermail}
B. ${incident.User Mail}
C. ${incident.UserMail}
D. ${usermail}
Suggested answer: A

A SOC manager built a dashboard and would like to share the dashboard with other team members.

How would the SOC manager create a dashboard that meets this requirement?

A. Manually share the dashboard through user emails
B. Dashboard is shared to all XSOAR users
C. Propagate the dashboard based on SAML authentication
D. Dashboard is shared to all XSOAR users in a selected role
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoaradmin/dashboards/share-a-dashboard.html

Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

A. setFields
B. Field mapping
C. setIncident
D. Layout inline editing
Suggested answer: B, C

DRAG DROP

Match the action with the most appropriate playbook task type.



Explanation:

https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html

Which built-in automation/command can be used to change an incident’s type?

A. setIncident
B. Set
C. GetFieldsByIncidentType
D. modifyIncidentFields
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/incidents/incidents-management/incident-fields/field-trigger-scripts.html

An engineer notices that playbooks only start once the user clicks the ‘investigate’ button and he/she would like the playbook to start automatically.

How can this be implemented?

A. Add the playbook to the integration’s settings
B. Select ‘Run playbook automatically’ from the incident type settings
C. Add the !startinvestigation automation to the beginning of the playbook
D. Select ‘Run playbook automatically’ from the integration settings
Suggested answer: B

Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

A. The ‘Fetches Incidents’ option may not have been enabled
B. There are no new events from the external service
C. The first fetch should be manually triggered to start the fetching process
D. It can take up to 1 hour before incidents are initially fetched
Suggested answer: A, B
Total 157 questions