Palo Alto Networks Certified Security Automation Engineer Questions and Answers
While testing a custom integration, an XSOAR engineer noticed that the incident fetch interval is missing. How can this be fixed?
Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)
Newly created subplaybooks do not have any inputs or outputs. What is necessary to make them functional? (Choose two.)
Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)
When creating an incident layout section, it is best to place long field values within which of the following?
A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?
Which three statements are true about the Marketplace? (Choose three.)
An engineer would like to present a trend using widgets to compare to a previous week’s data. Which two methods will allow the engineer to meet the requirement? (Choose two.)
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?
How would context data be filtered to receive only malicious indicator values with DBotScore?
Where would you look to find a personalized view of your own incidents and tasks?
An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?
Which three authentication methods are supported when logging into XSOAR? (Choose three.)
When creating a new tab in the layout, which section cannot be added?
You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?
For troubleshooting, after a log bundle is created, where do the logs appear on the XSOAR server?
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
What is the default landing page for a new user in XSOAR?
An analyst runs the following command in a playbook task:
!ip ip=1.1.1.1
Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?
An engineer wants to filter a csvList value according to a dynamic value saved under the test context key.
Which three values would save the test context key? (Choose three.)
What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?