ExamGecko
Login
Home / Palo Alto Networks / PCSAE / List of questions
Ask Question

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 3

Add to Whishlist

List of questions

Question 21

Report Export Collapse

What happens when an integration is deprecated?

The integration commands in a playbook can no longer be used
The integration commands in a playbook can no longer be used
The integration commands can be used, but it is recommended to update to the latest content pack
The integration commands can be used, but it is recommended to update to the latest content pack
The configuration settings will be lost and the integration will no longer function
The configuration settings will be lost and the integration will no longer function
The integration commands in a playbook can be used, but it will fail at runtime
The integration commands in a playbook can be used, but it will fail at runtime
Suggested answer: B
asked 23/09/2024
Peter Urban
48 questions

Question 22

Report Export Collapse

Which investigation element is best suited for collaboration among users?

Work Plan
Work Plan
Related Incidents
Related Incidents
War Room
War Room
Context Data
Context Data
Suggested answer: D
Explanation:

Reference: https://blog.paloaltonetworks.com/2020/01/cortex-security-operations/

asked 23/09/2024
Marco Di Munno
38 questions

Question 23

Report Export Collapse

Which three support types are included in the Marketplace Content Packs? (Choose three.)

Customer supported
Customer supported
Contex XSOAR supported
Contex XSOAR supported
Community supported
Community supported
Partner supported
Partner supported
Prisma Cloud supported
Prisma Cloud supported
Suggested answer: B, C, D
Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoaradmin/marketplace/ marketplace-overview/content-packs-support-types.html

asked 23/09/2024
Vikram Panchal
45 questions

Question 24

Report Export Collapse

Which three authentication methods are supported when logging into XSOAR? (Choose three.)

OTP token
OTP token
User name and password
User name and password
SAML
SAML
Active Directory authentication
Active Directory authentication
RADIUS
RADIUS
Suggested answer: C, D, E
Explanation:

Reference: https://www.paloguard.com/GlobalProtect.asp

asked 23/09/2024
Sairam Emmidishetti
43 questions

Question 25

Report Export Collapse

Which two components have their own context data? (Choose two.)

Sub-playbook
Sub-playbook
Task
Task
Field
Field
Incident
Incident
Suggested answer: A, D
asked 23/09/2024
Firew Abebe
36 questions

Question 26

Report Export Collapse

What are two main uses of context data? (Choose two.)

Store incident information in JSON format
Store incident information in JSON format
Store incident information in XML format
Store incident information in XML format
Pass data between playbook tasks
Pass data between playbook tasks
Pass data between to-do tasks
Pass data between to-do tasks
Suggested answer: A, C
Explanation:

Reference: https://xsoar.pan.dev/docs/integrations/context-andoutputs#:~:text=The%20main%20use%20of% 20the,the%20Context%20and%20uses%20it.

asked 23/09/2024
Kamal maru
45 questions

Question 27

Report Export Collapse

Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017- 11882. This vulnerability affects applications installed on workstations. The SOC team needs to take action and apply the new vulnerability patch that was just released. The team must first create a cause for each of the identified assets in ServiceNow IT Service Management (ITSM), in order to notify the IT department. Next, the team creates a task in the main playbook, which extracts the list of assets from the scanner report.

After the list of assets are created, what are the two solutions that the SOC team could take so that a case could be created and a patch installed? (Choose two.)

Create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual – Exit on yes – left:1, right 1) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual – Exit on yes – left:1, right 1) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Create a sub-playbook with a single input containing the computer names that will loop β€˜For Each Input’ and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Create a sub-playbook with a single input containing the computer names that will loop β€˜For Each Input’ and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of item in the list) and perform the following tasks:- Increase the iterator value by one each time- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of item in the list) and perform the following tasks:- Increase the iterator value by one each time- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Suggested answer: B, D
asked 23/09/2024
irwandi irwandi
36 questions

Question 28

Report Export Collapse

When creating a new tab in the layout, which section cannot be added?

Retrieve widget chart based on script
Retrieve widget chart based on script
Related incidents
Related incidents
War room entries picked by entry query
War room entries picked by entry query
Incident team members
Incident team members
Suggested answer: B
Explanation:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.6/Cortex-XSOAR-Administrator-Guide/Customize-Incident-Layouts

asked 23/09/2024
Tanner Blair
39 questions

Question 29

Report Export Collapse

In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)

Inputs and outputs
Inputs and outputs
Through integration context
Through integration context
Automatically extracted by sub-playbooks
Automatically extracted by sub-playbooks
From context data, if context is shared globally
From context data, if context is shared globally
Suggested answer: A, D
asked 23/09/2024
Arkadiusz Skopinski
48 questions

Question 30

Report Export Collapse

By default, which components does an XSOAR implementation include?

XSOAR server, XSOAR engine
XSOAR server, XSOAR engine
Application server, distributed DB server
Application server, distributed DB server
Application server, distributed DB server, Backup server
Application server, distributed DB server, Backup server
All in one server
All in one server
Suggested answer: B
Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoaradmin/installation/install- demisto-on-a-physical-or-virtual-server.html

asked 23/09/2024
Corey Workman
45 questions
Total 157 questions
Go to page: of 16
Open VPLUS File
Convert VPLUS to PDF

Related questions

Incidents need to be filtered by all of the following criteria:
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context. How can the engineer save the data so it will be accessible?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)