ExamGecko
Login
Home / Palo Alto Networks / PCSAE / List of questions
Ask Question

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 6

List of questions

Question 51

Report
Export
Collapse

Which two features does XSOAR offer to help recover from a server failure? (Choose two.)

Live backup (disaster recovery)
Live backup (disaster recovery)
Distributed database
Distributed database
Backup data to XSOAR engines
Backup data to XSOAR engines
Local backup
Local backup
Suggested answer: A, C
asked 23/09/2024
Andrew Oliphant
36 questions

Question 52

Report
Export
Collapse

When uploading content, which two options could the upload include? (Choose two.)

Indicators
Indicators
Incidents
Incidents
Reports
Reports
Fields
Fields
Suggested answer: A, B
asked 23/09/2024
Ankur Patel
42 questions

Question 53

Report
Export
Collapse

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard.

How can it be accomplished?

Default Dashboard can be defined by ‘Role’
Default Dashboard can be defined by ‘Role’
Use the server configuration key: default.dashboards
Use the server configuration key: default.dashboards
Save the dashboard as a widget and apply it to all users
Save the dashboard as a widget and apply it to all users
Right click on the dashboard tab and ‘Set as Default’
Right click on the dashboard tab and ‘Set as Default’
Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-preventadmin/monitoring/cortex- xdr-dashboard/manage-dashboards.html

asked 23/09/2024
Erwin Zeisseink
29 questions

Question 54

Report
Export
Collapse

How would context data be filtered to receive only malicious indicator values with DBotScore?

Get DBotScore.value where DBotScore.Score (Larger or equals) 4
Get DBotScore.value where DBotScore.Score (Larger or equals) 4
Get DBotScore.value where DBotScore.Score (equals (int)) 3
Get DBotScore.value where DBotScore.Score (equals (int)) 3
Get DBotScore where DBotScore.Score (Larger than) 1
Get DBotScore where DBotScore.Score (Larger than) 1
Get DBotScore where DBotScore.Score (Larger or equals) 2
Get DBotScore where DBotScore.Score (Larger or equals) 2
Suggested answer: B

Explanation:

Reference:

https://github.com/demisto/content/blob/master//Packs/DeprecatedContent/Integrations/PaloAlto_MineMeld/README.md

asked 23/09/2024
Saptarshi Biswas
32 questions

Question 55

Report
Export
Collapse

Can an automation script execute an integration command and an integration command execute an automation script?

An automation script cannot execute an integration command and an integration command cannot execute an automation script
An automation script cannot execute an integration command and an integration command cannot execute an automation script
An automation script can execute an integration command and an integration command cannot execute an automation script
An automation script can execute an integration command and an integration command cannot execute an automation script
An automation script cannot execute an integration command and an integration command can execute an automation script
An automation script cannot execute an integration command and an integration command can execute an automation script
An automation script can execute an integration command and an integration command can execute an automation script
An automation script can execute an integration command and an integration command can execute an automation script
Suggested answer: B
asked 23/09/2024
claudine Nguepnang
45 questions

Question 56

Report
Export
Collapse

Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)

In the instance settings, enable the fetch incidents parameter and wait for one minute
In the instance settings, enable the fetch incidents parameter and wait for one minute
Create a one task playbook with a fetch-incident command
Create a one task playbook with a fetch-incident command
execute !<integration_instance_name>-fetch
execute !<integration_instance_name>-fetch
execute !<integration_name>-fetch
execute !<integration_name>-fetch
Suggested answer: A, C

Explanation:

Reference: https://xsoar.pan.dev/docs/integrations/fetching-incidents

asked 23/09/2024
mark anthony sampayan
34 questions

Question 57

Report
Export
Collapse

DRAG DROP

Match the corresponding action with the appropriate playbook tasks.


Palo Alto Networks PCSAE image Question 57 54720 09232024121234000
Correct answer: Palo Alto Networks PCSAE image answer Question 57 54720 09232024121234000

Explanation:

Reference:

https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/playbooks/playbooks- overview.html

asked 23/09/2024
Laura Archilla
36 questions

Question 58

Report
Export
Collapse

Incidents need to be filtered by all of the following criteria:

Status – Pending
Status – Pending
Exclude Category – Job
Exclude Category – Job
Severity – High
Severity – High
Owner – None (No owner assigned)
Owner – None (No owner assigned)
Type – Phishing
Type – Phishing
Email Subject – “You have won a million dollars”What is the correct query syntax for the above incident search filter?
Email Subject – “You have won a million dollars”What is the correct query syntax for the above incident search filter?
status==“Pending“ && category!=”job” && severity==”High” && owner==”None” && type==”Phishing” && emailsubject==”You have won a million dollars”
status==“Pending“ && category!=”job” && severity==”High” && owner==”None” && type==”Phishing” && emailsubject==”You have won a million dollars”
Status:Pending and –Category:job and Severity:High and Owner:”” and Type:Phishing and Email Subject:You have won a million dollars
Status:Pending and –Category:job and Severity:High and Owner:”” and Type:Phishing and Email Subject:You have won a million dollars
status:Pending and –category:job and severity:High and owner:”” and type:Phishing and emailsubject:”You have won a million dollars”
status:Pending and –category:job and severity:High and owner:”” and type:Phishing and emailsubject:”You have won a million dollars”
status:Pending or –category:job or severity:High or owner:”” or type:Phishing or emailsubject:”You have won a million dollars”
status:Pending or –category:job or severity:High or owner:”” or type:Phishing or emailsubject:”You have won a million dollars”
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/cortexxsoar-overview/how-to-search-in-cortex-xsoar.html#idcd7fe505-c1c1-42f5-a698-08b5710196d3

asked 23/09/2024
Ahmed Otmani Amaoui
30 questions

Question 59

Report
Export
Collapse

What does Script helper contain?

Available commands
Available commands
Permission settings
Permission settings
Automation version history
Automation version history
Automation timeout configuration
Automation timeout configuration
Suggested answer: A

Explanation:

Reference: https://xsoar.pan.dev/docs/concepts/xsoar-ide

asked 23/09/2024
Nicholas Roy
43 questions

Question 60

Report
Export
Collapse

When mapping incoming data to incident fields, which statement is correct?

Data that is not mapped is placed under labels
Data that is not mapped is placed under labels
Only text fields are classified
Only text fields are classified
Classification cannot be used if mapping is enabled
Classification cannot be used if mapping is enabled
Every incoming field must be mapped
Every incoming field must be mapped
Suggested answer: A

Explanation:

Reference: https://xsoar.pan.dev/docs/incidents/incident-classification-mapping

asked 23/09/2024
Ahmed Khalifa
47 questions
Total 157 questions
Go to page: of 16
Open VPLUS File
Convert VPLUS to PDF

Related questions

Incidents need to be filtered by all of the following criteria:
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context. How can the engineer save the data so it will be accessible?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)