ExamGecko

Palo Alto Networks PCSAE Practice Test - Questions Answers, Page 6


Which two features does XSOAR offer to help recover from a server failure? (Choose two.)

A. Live backup (disaster recovery)
B. Distributed database
C. Backup data to XSOAR engines
D. Local backup

Suggested answer: A, C

When uploading content, which two options could the upload include? (Choose two.)

A. Indicators
B. Incidents
C. Reports
D. Fields

Suggested answer: A, B

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard.

How can it be accomplished?

A. Default Dashboard can be defined by ‘Role’
B. Use the server configuration key: default.dashboards
C. Save the dashboard as a widget and apply it to all users
D. Right click on the dashboard tab and ‘Set as Default’

Suggested answer: A

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-preventadmin/monitoring/cortex-xdr-dashboard/manage-dashboards.html

How would context data be filtered to receive only malicious indicator values with DBotScore?

A. Get DBotScore.value where DBotScore.Score (Larger or equals) 4
B. Get DBotScore.value where DBotScore.Score (equals (int)) 3
C. Get DBotScore where DBotScore.Score (Larger than) 1
D. Get DBotScore where DBotScore.Score (Larger or equals) 2

Suggested answer: B

Explanation:

Reference: https://github.com/demisto/content/blob/master//Packs/DeprecatedContent/Integrations/PaloAlto_MineMeld/README.md

Can an automation script execute an integration command and an integration command execute an automation script?

A. An automation script cannot execute an integration command and an integration command cannot execute an automation script
B. An automation script can execute an integration command and an integration command cannot execute an automation script
C. An automation script cannot execute an integration command and an integration command can execute an automation script
D. An automation script can execute an integration command and an integration command can execute an automation script

Suggested answer: B

Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)

A. In the instance settings, enable the fetch incidents parameter and wait for one minute
B. Create a one task playbook with a fetch-incident command
C. execute !<integration_instance_name>-fetch
D. execute !<integration_name>-fetch

Suggested answer: A, C

Explanation:

Reference: https://xsoar.pan.dev/docs/integrations/fetching-incidents

DRAG DROP

Match the corresponding action with the appropriate playbook tasks.


[Image: Question 57 matching exercise]
Correct answer: [Image: Question 57 answer]

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoaradmin/playbooks/playbooks-overview.html

Incidents need to be filtered by all of the following criteria:

Status – Pending
Exclude Category – Job
Severity – High
Owner – None (No owner assigned)
Type – Phishing
Email Subject – “You have won a million dollars”

What is the correct query syntax for the above incident search filter?

A. status=="Pending" && category!="job" && severity=="High" && owner=="None" && type=="Phishing" && emailsubject=="You have won a million dollars"
B. Status:Pending and -Category:job and Severity:High and Owner:"" and Type:Phishing and Email Subject:You have won a million dollars
C. status:Pending and -category:job and severity:High and owner:"" and type:Phishing and emailsubject:"You have won a million dollars"
D. status:Pending or -category:job or severity:High or owner:"" or type:Phishing or emailsubject:"You have won a million dollars"

Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/cortexxsoar-overview/how-to-search-in-cortex-xsoar.html#idcd7fe505-c1c1-42f5-a698-08b5710196d3

What does Script helper contain?

A. Available commands
B. Permission settings
C. Automation version history
D. Automation timeout configuration

Suggested answer: A

Explanation:

Reference: https://xsoar.pan.dev/docs/concepts/xsoar-ide

When mapping incoming data to incident fields, which statement is correct?

A. Data that is not mapped is placed under labels
B. Only text fields are classified
C. Classification cannot be used if mapping is enabled
D. Every incoming field must be mapped

Suggested answer: A

Explanation:

Reference: https://xsoar.pan.dev/docs/incidents/incident-classification-mapping

Total 157 questions