ExamGecko
Search Search Login
Home Home / Palo Alto Networks / PCSAE
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
Which of the following is a basic setting that can be configured in an automation?
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)
A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?
To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?
Which development languages are supported when creating XSOAR automation scripts?
What is the default landing page for a new user in XSOAR?
Which configuration is a valid distributed database (DB) implementation?

Question 47 - PCSAE discussion

Report
Export

An engineer’s organization system is registered in the following manner: <SiteName-SystemIDUsername>.

The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

A.
Create a custom indicator field named ‘username’ and link it to the internal system indicator
Answers
A.
Create a custom indicator field named ‘username’ and link it to the internal system indicator
B.
Change the reputation command for the internal system indicator type
Answers
B.
Change the reputation command for the internal system indicator type
C.
Create a new indicator type of the internal username and set a formatting script to extract only the username
Answers
C.
Create a new indicator type of the internal username and set a formatting script to extract only the username
D.
Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning
Answers
D.
Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning
Suggested answer: C

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intelmanagement-guide/manage-indicators/understand-indicators/indicator-types/indicator-typeprofile

Show Answer
asked 23/09/2024
Konstantinos Lagoudakis
28 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms