ExamGecko
Login
Home / Palo Alto Networks / PCSAE / List of questions
Ask Question

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 10

List of questions

Question 91

Report
Export
Collapse

What will happen if a playbook debugger is left running for more than 24 hours?

By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.
By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.
The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically.
The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically.
The session will be running till stopped manually by administrator.
The session will be running till stopped manually by administrator.
By default, the system closes automatically any debugger session that have been open 180 minutes.
By default, the system closes automatically any debugger session that have been open 180 minutes.
Suggested answer: D
asked 23/09/2024
Georgios Kavvalakis
31 questions

Question 92

Report
Export
Collapse

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

type:File reputation:Malicious sourcetimestamp:"30 days ago"
type:File reputation:Malicious sourcetimestamp:"30 days ago"
type:File verdict:Malicious sourcetimestamp:<="30 days ago"
type:File verdict:Malicious sourcetimestamp:<="30 days ago"
type:File reputation:Malicious sourcetimestamp:="30 days ago"
type:File reputation:Malicious sourcetimestamp:="30 days ago"
type:File verdict:Malicious sourcetimestamp:>="30 days ago"
type:File verdict:Malicious sourcetimestamp:>="30 days ago"
Suggested answer: A
asked 23/09/2024
Kamal maru
41 questions

Question 93

Report
Export
Collapse

What is the default configuration for indicator auto-extraction when incidents are created?

Inline
Inline
Inband
Inband
None
None
Out of band
Out of band
Suggested answer: A
asked 23/09/2024
Lascelles Johnson
38 questions

Question 94

Report
Export
Collapse

What are the out-of-the-box aggregate values that can be applied on widgets data?

Min, Max, Count, Average, Custom Transformers
Min, Max, Count, Average, Custom Transformers
Min, Max, Count, Average, Custom Group By
Min, Max, Count, Average, Custom Group By
Count, Average, Sum, Min, Max
Count, Average, Sum, Min, Max
Count, Sum, Min, Max, Transformers
Count, Sum, Min, Max, Transformers
Suggested answer: C
asked 23/09/2024
mckeon mackey
31 questions

Question 95

Report
Export
Collapse

What assigns newly ingested event attributes to incident fields?

Playbooks
Playbooks
Classification
Classification
Mapping
Mapping
Layouts
Layouts
Suggested answer: C
asked 23/09/2024
Mark David
44 questions

Question 96

Report
Export
Collapse

The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?

Using the demisto_error() function
Using the demisto_error() function
Using a print statement
Using a print statement
Using the demisto.debug() function
Using the demisto.debug() function
Using the return_error() function
Using the return_error() function
Suggested answer: C
asked 23/09/2024
Oliver Mark
36 questions

Question 97

Report
Export
Collapse

An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:

Palo Alto Networks PCSAE image Question 97 54760 09232024001234000000

The organization wants to use the mail server location on the subsidiary's cloud to send emails.

Without acquiring additional licenses, which XSOAR component can fulfill the requirement?

XSOAR D2 Agents, to send the required emails.
XSOAR D2 Agents, to send the required emails.
An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.
An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.
Another XSOAR server that uses the same license as their primary XSOAR server.
Another XSOAR server that uses the same license as their primary XSOAR server.
A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.
A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.
Suggested answer: D
asked 23/09/2024
Cristian Melo
39 questions

Question 98

Report
Export
Collapse

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

Populate the custom indicator field with the built-in !SetIndicator command.
Populate the custom indicator field with the built-in !SetIndicator command.
Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.
Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.
Create a custom Indicator Mapper and populate the custom indicator field.
Create a custom Indicator Mapper and populate the custom indicator field.
Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.
Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.
Suggested answer: D

Explanation:

Reference: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.6/Cortex-XSOARAdministrator-Guide/Configure-the-HTML-Field

asked 23/09/2024
Billy Mitchell
29 questions

Question 99

Report
Export
Collapse

What are the three ways to add/mark entries as evidence inside the Evidence Board? (Choose three.)

Manually directly from the War Room with the Actions drop-down
Manually directly from the War Room with the Actions drop-down
From the Notes section (mark as entry icon)
From the Notes section (mark as entry icon)
Manually from the playbook task (mark as entry icon)
Manually from the playbook task (mark as entry icon)
Automatically from playbook tasks when the option is selected on the Advanced tab
Automatically from playbook tasks when the option is selected on the Advanced tab
By running the command !MarkAsEvidence
By running the command !MarkAsEvidence
Suggested answer: A, B, D
asked 23/09/2024
Simon Liu
36 questions

Question 100

Report
Export
Collapse

Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?

reputation-script
reputation-script
enrich
enrich
reputationScript
reputationScript
reputation
reputation
Suggested answer: C
asked 23/09/2024
SIDDIQI TARMIM
38 questions
Total 157 questions
Go to page: of 16
Open VPLUS File
Convert VPLUS to PDF

Related questions

Incidents need to be filtered by all of the following criteria:
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context. How can the engineer save the data so it will be accessible?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)