ExamGecko

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 12

Which task type would be used to verify/check that an integration was enabled?

A. Standard task
B. Conditional task
C. Section Header task
D. Data Collection task
Suggested answer: D

What is used to trigger playbooks automatically based on the classification of an incident?

A. Indicator type
B. Incoming mapper
C. Incident types
D. Integration configuration
Suggested answer: C

After executing the DeleteContext automation with the all=yes argument, how would the context data of an incident appear?

A. All the data, including the incident key will be deleted, and the context data will be completely empty.
B. No difference, the automation cannot be executed manually.
C. All context data, including custom incident fields will be deleted, system incident fields will remain.
D. All context data, except the incident key will be deleted.
Suggested answer: D

An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?

A. Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.
B. SSH into the server and copy the indicator's database.
C. In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.
D. Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.
Suggested answer: C

An administrator has noticed that an incident fetch has failed, causing several internal workflows to be backed up. The administrator would like to receive notifications the next time the incident fetch fails.

How can they achieve this?

A. Create a custom playbook that sends an email each time the fetch fails.
B. Create a new integration that monitors the incident fetch and sends an email if the fetch fails.
C. Schedule a job that runs and monitors incidents in XSOAR that will send an email if there are no new incidents.
D. Add a server config to notify when incident fetch fails.
Suggested answer: B

An analyst runs the following command in a playbook task:

!ip ip=1.1.1.1

Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?

A. Synchronous
B. Extract
C. Out of band
D. Inline
Suggested answer: D

Threat Intel search queries can be shared with which of the following? (Select 1)

A. Users defined in the platform (email or username)
B. Other organizations via the Marketplace
C. Users outside XSOAR via email invite
D. Roles defined in the platform
Suggested answer: B

An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing". Which command should they enter in the War Room CLI?

A. !incidentSet description="Confirmed Phishing"
B. /incidentSet description=Confirmed Phishing
C. !setIncident description="Confirmed Phishing"
D. /setIncident description=Confirmed Phishing
Suggested answer: A

Select the correct incident life cycle on XSOAR.

A. Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing
B. Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing
C. Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing
D. Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing
Suggested answer: D

Which of the following does an XSOAR admin need to create an integration with a third-party cloud application?

A. Marketplace access
B. Application with API
C. Private key/Public key integration
D. Multitenant deployment
Suggested answer: B
Total 157 questions