ExamGecko
Login
Home / Palo Alto Networks / PCSAE / List of questions
Ask Question

Palo Alto Networks PCSAE Practice Test - Questions Answers

List of questions

Question 1

Report
Export
Collapse

Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

Set a field trigger script
Set a field trigger script
Associate to an incident type
Associate to an incident type
Change field type
Change field type
Change field name
Change field name
Suggested answer: A, B

Explanation:

Reference: https://docs.servicenow.com/bundle/quebec-it-servicemanagement/page/product/incident- management/reference/incident-managementproperties.html

asked 23/09/2024
MIGUEL PARADA VAZQUEZ
34 questions

Question 2

Report
Export
Collapse

Given an incident with three files, how could the name of the second file be referenced?

${Files.[2].Name}
${Files.[2].Name}
${Files.Name.[2]}
${Files.Name.[2]}
${File.[1].Name}
${File.[1].Name}
${File.Name.[1]}
${File.Name.[1]}
Suggested answer: D
asked 23/09/2024
Kevin Brigitta
27 questions

Question 3

Report
Export
Collapse

Which component can be part of a load balancing group?

Distributed database
Distributed database
D2 agent
D2 agent
Engine
Engine
Load balancing server
Load balancing server
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/engines/understand- demisto-engines.html

asked 23/09/2024
Antonio Pombo
36 questions

Question 4

Report
Export
Collapse

Which method accesses a field called ‘User Mail’ in a playbook?

${incident.usermail}
${incident.usermail}
${incident.User Mail}
${incident.User Mail}
${incident.UserMail}
${incident.UserMail}
${usermail}
${usermail}
Suggested answer: A
asked 23/09/2024
Akhil Borkar
40 questions

Question 5

Report
Export
Collapse

A SOC manager built a dashboard and would like to share the dashboard with other team members.

How would the SOC manager create a dashboard that meets this requirement?

Manually share the dashboard through user emails
Manually share the dashboard through user emails
Dashboard is shared to all XSOAR users
Dashboard is shared to all XSOAR users
Propagate the dashboard based on SAML authentication
Propagate the dashboard based on SAML authentication
Dashboard is shared to all XSOAR users in a selected role
Dashboard is shared to all XSOAR users in a selected role
Suggested answer: D

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoaradmin/dashboards/share- a-dashboard.html

asked 23/09/2024
Kenny McCue
32 questions

Question 6

Report
Export
Collapse

Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

setFields
setFields
Field mapping
Field mapping
setIncident
setIncident
Layout inline editing
Layout inline editing
Suggested answer: B, C
asked 23/09/2024
James Brion
37 questions

Question 7

Report
Export
Collapse

DRAG DROP

Match the action with the most appropriate playbook task type.


Palo Alto Networks PCSAE image Question 7 54670 09232024121234000
Correct answer: Palo Alto Networks PCSAE image answer Question 7 54670 09232024121234000

Explanation:

https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html

asked 23/09/2024
Andres Mauricio Rodriguez
35 questions

Question 8

Report
Export
Collapse

Which built-in automation/command cab be used to change an incident’s type?

setIncident
setIncident
Set
Set
GetFieldsByIncidentType
GetFieldsByIncidentType
modifyIncidentFields
modifyIncidentFields
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/incidents/incidents- management/incident-fields/field-trigger-scripts.html

asked 23/09/2024
Ivan Ivanov
31 questions

Question 9

Report
Export
Collapse

An engineer notices that playbooks only start once the user clicks the ‘investigate’ button and he/she would like the playbook to start automatically.

How can this be implemented?

Add the playbook to the integration’s settings
Add the playbook to the integration’s settings
Select ‘Run playbook automatically’ from the incident type settings
Select ‘Run playbook automatically’ from the incident type settings
Add the !startinvestigation automation to the beginning of the playbook
Add the !startinvestigation automation to the beginning of the playbook
Select ‘Run playbook automatically’ from the integration settings
Select ‘Run playbook automatically’ from the integration settings
Suggested answer: B
asked 23/09/2024
Akash Makkar
35 questions

Question 10

Report
Export
Collapse

Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

The ’Fetches Incidents’ option may not have been enabled
The ’Fetches Incidents’ option may not have been enabled
There are no new events from the external service
There are no new events from the external service
The first fetch should be manually triggered to start the fetching process
The first fetch should be manually triggered to start the fetching process
It can take up to 1-hour before incidents are initially fetched
It can take up to 1-hour before incidents are initially fetched
Suggested answer: A, B
asked 23/09/2024
Ajayi Johnson
45 questions
Total 157 questions
Go to page: of 16
Open VPLUS File
Convert VPLUS to PDF

Related questions

Incidents need to be filtered by all of the following criteria:
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context. How can the engineer save the data so it will be accessible?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)