ExamGecko

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 4


DRAG DROP

Match the operations with the appropriate context.


[Figure: Question 31 and its correct answer]

Which three statements are true about the Marketplace? (Choose three.)

A. Allows reverting back to a previous version of a content pack
B. Enables users to participate in the community by sharing content
C. Publishes content without additional review from the Cortex XSOAR team
D. Allows uploading of content in additional languages
E. Offers granularity in installation through content packs

Suggested answer: A, B, E

What can be added to offload integration instance processing from the main server?

A. Database node
B. Application server
C. Engine
D. Development server

Suggested answer: A

Which XSOAR architecture would be recommended for Managed Security Service Providers (MSSP)?

A. Multi-region
B. Dev-Prod
C. Multi-tenant
D. Distributed database

Suggested answer: C

Explanation:

Reference: https://www.ncsi.com/wp-content/uploads/2020/11/cortex-xsoar.pdf

An incident field is created having the display name as Source_IP. How can the field be accessed?

A. ${incident.sourceip}
B. ${incident.Source_IP}
C. ${incident.srcip}
D. ${incident.Source IP}

Suggested answer: C

DRAG DROP

Arrange these steps in the order that they occur during an incident fetch.


[Figure: Question 36 and its correct answer]

Explanation:

Integration performs

Classification is applied

Mapping is applied

Incident is created (before incident creation there should also be a pre-process rule step)

An engineer deployed two different instances of Active Directory for each organization site. As part of an account enrichment use case, the engineer would like to delete a user from one specific site.

Which command will accomplish this?

A. run 'ad-delete-user' command with 'user-dn' arg and using-brand="Active Directory Query v2"
B. run 'ad-delete-user' command with 'user-dn' arg and raw-response=true
C. run 'ad-delete-user' command with 'user-dn' arg and ignore-outputs=true
D. run 'ad-delete-user' command with 'user-dn' arg and using="Active Directory Query v2_instance_1"

Suggested answer: D

An engineer is developing a playbook that will be run multiple times for testing purposes. What is the recommended first task to be used in the playbook?

A. DeleteContext
B. GenerateTest
C. PrintContext
D. SetContext

Suggested answer: A

Explanation:

Reference: https://xsoar.pan.dev/docs/integrations/test-playbooks

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

A. Process all alerts by running the respective playbook and link related incidents during postprocessing
B. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together
C. Configure a pre-process rule to link related events as they are ingested
D. Manually go through the incidents created by the raw events and link related incidents

Suggested answer: C

Which two incident search queries are valid? (Choose two.)

A. created:>="7 days"
B. owner===admin
C. role is Analyst
D. status:closed -category:job

Suggested answer: A, D

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortexxsoar-overview/how-to-search-in-cortex-xsoar.html

Total 157 questions