ExamGecko

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 3

Question list
Search
Search

Related questions











Question 21

Report
Export
Collapse

What happens when an integration is deprecated?

A.
The integration commands in a playbook can no longer be used
A.
The integration commands in a playbook can no longer be used
Answers
B.
The integration commands can be used, but it is recommended to update to the latest content pack
B.
The integration commands can be used, but it is recommended to update to the latest content pack
Answers
C.
The configuration settings will be lost and the integration will no longer function
C.
The configuration settings will be lost and the integration will no longer function
Answers
D.
The integration commands in a playbook can be used, but it will fail at runtime
D.
The integration commands in a playbook can be used, but it will fail at runtime
Answers
Suggested answer: B
asked 23/09/2024
Peter Urban
42 questions

Question 22

Report
Export
Collapse

Which investigation element is best suited for collaboration among users?

A.
Work Plan
A.
Work Plan
Answers
B.
Related Incidents
B.
Related Incidents
Answers
C.
War Room
C.
War Room
Answers
D.
Context Data
D.
Context Data
Answers
Suggested answer: D

Explanation:

Reference: https://blog.paloaltonetworks.com/2020/01/cortex-security-operations/

asked 23/09/2024
Marco Di Munno
36 questions

Question 23

Report
Export
Collapse

Which three support types are included in the Marketplace Content Packs? (Choose three.)

A.
Customer supported
A.
Customer supported
Answers
B.
Contex XSOAR supported
B.
Contex XSOAR supported
Answers
C.
Community supported
C.
Community supported
Answers
D.
Partner supported
D.
Partner supported
Answers
E.
Prisma Cloud supported
E.
Prisma Cloud supported
Answers
Suggested answer: B, C, D

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoaradmin/marketplace/ marketplace-overview/content-packs-support-types.html

asked 23/09/2024
Vikram Panchal
37 questions

Question 24

Report
Export
Collapse

Which three authentication methods are supported when logging into XSOAR? (Choose three.)

A.
OTP token
A.
OTP token
Answers
B.
User name and password
B.
User name and password
Answers
C.
SAML
C.
SAML
Answers
D.
Active Directory authentication
D.
Active Directory authentication
Answers
E.
RADIUS
E.
RADIUS
Answers
Suggested answer: C, D, E

Explanation:

Reference: https://www.paloguard.com/GlobalProtect.asp

asked 23/09/2024
Sairam Emmidishetti
36 questions

Question 25

Report
Export
Collapse

Which two components have their own context data? (Choose two.)

A.
Sub-playbook
A.
Sub-playbook
Answers
B.
Task
B.
Task
Answers
C.
Field
C.
Field
Answers
D.
Incident
D.
Incident
Answers
Suggested answer: A, D
asked 23/09/2024
Firew Abebe
29 questions

Question 26

Report
Export
Collapse

What are two main uses of context data? (Choose two.)

A.
Store incident information in JSON format
A.
Store incident information in JSON format
Answers
B.
Store incident information in XML format
B.
Store incident information in XML format
Answers
C.
Pass data between playbook tasks
C.
Pass data between playbook tasks
Answers
D.
Pass data between to-do tasks
D.
Pass data between to-do tasks
Answers
Suggested answer: A, C

Explanation:

Reference: https://xsoar.pan.dev/docs/integrations/context-andoutputs#:~:text=The%20main%20use%20of% 20the,the%20Context%20and%20uses%20it.

asked 23/09/2024
Kamal maru
41 questions

Question 27

Report
Export
Collapse

Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017- 11882. This vulnerability affects applications installed on workstations. The SOC team needs to take action and apply the new vulnerability patch that was just released. The team must first create a cause for each of the identified assets in ServiceNow IT Service Management (ITSM), in order to notify the IT department. Next, the team creates a task in the main playbook, which extracts the list of assets from the scanner report.

After the list of assets are created, what are the two solutions that the SOC team could take so that a case could be created and a patch installed? (Choose two.)

A.
Create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual – Exit on yes – left:1, right 1) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
A.
Create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual – Exit on yes – left:1, right 1) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Answers
B.
Create a sub-playbook with a single input containing the computer names that will loop ‘For Each Input’ and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
B.
Create a sub-playbook with a single input containing the computer names that will loop ‘For Each Input’ and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Answers
C.
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
C.
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Answers
D.
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of item in the list) and perform the following tasks:- Increase the iterator value by one each time- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
D.
Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of item in the list) and perform the following tasks:- Increase the iterator value by one each time- Active Directory User Enrichment based on the computerName- Create the ServiceNow Record by adding the enrichment information- Mark the ticket severity as Urgent
Answers
Suggested answer: B, D
asked 23/09/2024
irwandi irwandi
33 questions

Question 28

Report
Export
Collapse

When creating a new tab in the layout, which section cannot be added?

A.
Retrieve widget chart based on script
A.
Retrieve widget chart based on script
Answers
B.
Related incidents
B.
Related incidents
Answers
C.
War room entries picked by entry query
C.
War room entries picked by entry query
Answers
D.
Incident team members
D.
Incident team members
Answers
Suggested answer: B

Explanation:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.6/Cortex-XSOAR-Administrator-Guide/Customize-Incident-Layouts

asked 23/09/2024
Tanner Blair
31 questions

Question 29

Report
Export
Collapse

In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)

A.
Inputs and outputs
A.
Inputs and outputs
Answers
B.
Through integration context
B.
Through integration context
Answers
C.
Automatically extracted by sub-playbooks
C.
Automatically extracted by sub-playbooks
Answers
D.
From context data, if context is shared globally
D.
From context data, if context is shared globally
Answers
Suggested answer: A, D
asked 23/09/2024
Arkadiusz Skopinski
40 questions

Question 30

Report
Export
Collapse

By default, which components does an XSOAR implementation include?

A.
XSOAR server, XSOAR engine
A.
XSOAR server, XSOAR engine
Answers
B.
Application server, distributed DB server
B.
Application server, distributed DB server
Answers
C.
Application server, distributed DB server, Backup server
C.
Application server, distributed DB server, Backup server
Answers
D.
All in one server
D.
All in one server
Answers
Suggested answer: B

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoaradmin/installation/install- demisto-on-a-physical-or-virtual-server.html

asked 23/09/2024
Corey Workman
35 questions
Total 157 questions
Go to page: of 16