ExamGecko
Login
Home / Palo Alto Networks / PCSAE / List of questions
Ask Question

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 12

List of questions

Question 111

Report
Export
Collapse

Which task type would be used to verify/check that an integration was enabled?

Standard task
Standard task
Conditional task
Conditional task
Section Header task
Section Header task
Data Collection task
Data Collection task
Suggested answer: D
asked 23/09/2024
Ioana Mihaila
21 questions

Question 112

Report
Export
Collapse

What is used to trigger playbooks automatically based on the classification of an incident?

Indicator type
Indicator type
Incoming mapper
Incoming mapper
Incident types
Incident types
Integration configuration
Integration configuration
Suggested answer: C
asked 23/09/2024
Derek Steven Schulte
41 questions

Question 113

Report
Export
Collapse

After executing the DeleteContext automation with all=yes argument, how would the context data of an incident present?

All the data, including the incident key will be deleted, and the context data will be completely empty.
All the data, including the incident key will be deleted, and the context data will be completely empty.
No difference, the automation cannot be executed manually.
No difference, the automation cannot be executed manually.
All context data, including custom incident fields will be deleted, system incident fields will remain.
All context data, including custom incident fields will be deleted, system incident fields will remain.
All context data, except the incident key will be deleted.
All context data, except the incident key will be deleted.
Suggested answer: D
asked 23/09/2024
Arun Pandian
40 questions

Question 114

Report
Export
Collapse

An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?

Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.
Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.
SSH into the server and copy the indicator's database.
SSH into the server and copy the indicator's database.
In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.
In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.
Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.
Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.
Suggested answer: C
asked 23/09/2024
Robert Akehurst
32 questions

Question 115

Report
Export
Collapse

An administrator has noticed that an incident fetch has failed, causing several internal workflows to be backed up. The administrator would like to receive notifications the next time the incident fetch fails.

How can they achieve this?

Create a custom playbook that sends an email each time the fetch fails.
Create a custom playbook that sends an email each time the fetch fails.
Create a new integration that monitors the incident fetch and sends an email if the fetch fails.
Create a new integration that monitors the incident fetch and sends an email if the fetch fails.
Schedule a job that runs and monitors incidents in XSOAR that will send an email if there are no new incidents.
Schedule a job that runs and monitors incidents in XSOAR that will send an email if there are no new incidents.
Add a server config to notify when incident fetch fails.
Add a server config to notify when incident fetch fails.
Suggested answer: B
asked 23/09/2024
Jordan Pfingsten
44 questions

Question 116

Report
Export
Collapse

An analyst runs the following command in a playbook task:

!ip ip=1.1.1.1

Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?

Synchronous
Synchronous
Extract
Extract
Out of band
Out of band
Inline
Inline
Suggested answer: D
asked 23/09/2024
Jeff Benson
44 questions

Question 117

Report
Export
Collapse

Threat Intel search queries can be shared with which of the following? (Select 1)

Become a Premium Member for full access
  Unlock Premium Member

Question 118

Report
Export
Collapse

An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing". Which command should they enter in the War Room CLI?

Become a Premium Member for full access
  Unlock Premium Member

Question 119

Report
Export
Collapse

Select the correct incident life cycle on XSOAR.

Become a Premium Member for full access
  Unlock Premium Member

Question 120

Report
Export
Collapse

Which of the following does a XSOAR Admin need to create an integration with a third party cloud application?

Become a Premium Member for full access
  Unlock Premium Member
Total 157 questions
Go to page: of 16
Open VPLUS File
Convert VPLUS to PDF

Related questions

Incidents need to be filtered by all of the following criteria:
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context. How can the engineer save the data so it will be accessible?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)