ExamGecko

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 10

What will happen if a playbook debugger is left running for more than 24 hours?

A. By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.
B. The session must be stopped manually by the administrator during 180 minutes; the user will receive a notification automatically.
C. The session will keep running until it is stopped manually by the administrator.
D. By default, the system automatically closes any debugger session that has been open for 180 minutes.
Suggested answer: D

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

A. type:File reputation:Malicious sourcetimestamp:"30 days ago"
B. type:File verdict:Malicious sourcetimestamp:<="30 days ago"
C. type:File reputation:Malicious sourcetimestamp:="30 days ago"
D. type:File verdict:Malicious sourcetimestamp:>="30 days ago"
Suggested answer: A

What is the default configuration for indicator auto-extraction when incidents are created?

A. Inline
B. Inband
C. None
D. Out of band
Suggested answer: A

What are the out-of-the-box aggregate values that can be applied on widgets data?

A. Min, Max, Count, Average, Custom Transformers
B. Min, Max, Count, Average, Custom Group By
C. Count, Average, Sum, Min, Max
D. Count, Sum, Min, Max, Transformers
Suggested answer: C

What assigns newly ingested event attributes to incident fields?

A. Playbooks
B. Classification
C. Mapping
D. Layouts
Suggested answer: C

The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?

A. Using the demisto_error() function
B. Using a print statement
C. Using the demisto.debug() function
D. Using the return_error() function
Suggested answer: C

An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:

The organization wants to use the mail server located on the subsidiary's cloud to send emails.

Without acquiring additional licenses, which XSOAR component can fulfill the requirement?

A. XSOAR D2 Agents, to send the required emails.
B. An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.
C. Another XSOAR server that uses the same license as their primary XSOAR server.
D. A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.
Suggested answer: D

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

A. Populate the custom indicator field with the built-in !SetIndicator command.
B. Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.
C. Create a custom Indicator Mapper and populate the custom indicator field.
D. Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.
Suggested answer: D

Explanation:

Reference: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.6/Cortex-XSOARAdministrator-Guide/Configure-the-HTML-Field

What are the three ways to add/mark entries as evidence inside the Evidence Board? (Choose three.)

A. Manually directly from the War Room with the Actions drop-down
B. From the Notes section (mark as entry icon)
C. Manually from the playbook task (mark as entry icon)
D. Automatically from playbook tasks when the option is selected on the Advanced tab
E. By running the command !MarkAsEvidence
Suggested answer: A, B, D

Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?

A. reputation-script
B. enrich
C. reputationScript
D. reputation
Suggested answer: C
Total 157 questions