Black Friday Biggest Discount Flat 70% Offer - Ends in 0d 00h 00m 00s - Coupon code: 70diswrap

Paloalto Networks PCSAE Dumps

Page: 1 / 16
Total 156 questions

Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Question 1

While testing a custom integration, an XSOAR engineer noticed that the incident fetch interval is missing. How can this be fixed?

Options:

A.

Define the Incident Fetch Interval when running the integration’s commands.

B.

Duplicate the integration. Edit the resulting copy and add incidentFetchInterval as a parameter. Save the integration. Configure the new integration instance with the interval required.

C.

Configure the application to send incidents on the required interval.

D.

Duplicate the integration. Add the interval in the code. Save the integration and Configure the new integration instance with the interval required.

Question 2

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

Options:

A.

Create content and add it to the standard content by contributing through the Marketplace

B.

Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content

C.

Create a support ticket with the custom content for review by the support team

D.

Any custom content will be automatically uploaded to the content repository

Question 3

Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)

Options:

A.

Define input key in the subplaybook task. Map context values to pull from parent playbook.

B.

The output of the previous task automatically becomes the input of the subplaybook.

C.

Map inputs and outputs to the parent playbook and the subplaybook will use the same values.

D.

Open the subplaybook and add inputs or outputs in the Playbook triggered task.

Question 4

Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

Options:

A.

The ’Fetches Incidents’ option may not have been enabled

B.

There are no new events from the external service

C.

The first fetch should be manually triggered to start the fetching process

D.

It can take up to 1-hour before incidents are initially fetched

Question 5

When creating an incident layout section, it is best to place long field values within which of the following?

Options:

A.

Section headers

B.

Rows

C.

Canvas

D.

Cards

Question 6

A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?

Options:

A.

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with no argument

B.

Edit the incident layout to add a new button that calls the AssignToMeButton automation with argument assignBy={me}

C.

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument owner={me}

D.

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument assignBy=current

Question 7

Which three statements are true about the Marketplace? (Choose three.)

Options:

A.

Allows reverting back to a previous version of a content pack

B.

Enables users to participate in the community by sharing content

C.

Publishes content without additional review from the Cortex XSOAR team

D.

Allows uploading of content in additional languages

E.

Offers granularity in installation through content packs

Question 8

An engineer would like to present a trend using widgets to compare to a previous week’s data. Which two methods will allow the engineer to meet the requirement? (Choose two.)

Options:

A.

Create widget of type Line, check ‘Display Trend’ and define as 7 days ago

B.

Create a custom widget using a new incident query

C.

Create widget of type Number, check ‘Display Trend’ and define as 7 days ago

D.

Create a custom widget using a script

Question 9

An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?

Options:

A.

Create a new indicator type and disable the built-in IP indicator

B.

Edit the regex of the default IP Indicator

C.

Add a new server configuration key that will overwrite the default regex of the IP indicator

D.

Delete the default IP indicator

Question 10

To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?

Options:

A.

10,080 minutes (7 days)

B.

20,160 minutes (14 days)

C.

21,600 minutes (15 days)

D.

4,320 minutes (3 days)

Question 11

How would context data be filtered to receive only malicious indicator values with DBotScore?

Options:

A.

Get DBotScore.value where DBotScore.Score (Larger or equals) 4

B.

Get DBotScore.value where DBotScore.Score (equals (int)) 3

C.

Get DBotScore where DBotScore.Score (Larger than) 1

D.

Get DBotScore where DBotScore.Score (Larger or equals) 2

Question 12

Where would you look to find a personalized view of your own incidents and tasks?

Options:

A.

Incident Summary View

B.

My Incidents

C.

My Threat Landscape

D.

My Dashboard

Question 13

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?

Options:

A.

The new job form changes based on the threat intel feed integration configuration

B.

The new job form can be edited from the Indicator Feed incident type editor

C.

The new job form for a threat intel feed job cannot be edited

D.

The new job form can be edited from the threat intel feeds integration settings

Question 14

Which three authentication methods are supported when logging into XSOAR? (Choose three.)

Options:

A.

OTP token

B.

User name and password

C.

SAML

D.

Active Directory authentication

E.

RADIUS

Question 15

When creating a new tab in the layout, which section cannot be added?

Options:

A.

Retrieve widget chart based on script

B.

Related incidents

C.

War room entries picked by entry query

D.

Incident team members

Question 16

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

Options:

A.

type:File reputation:Malicious sourcetimestamp:"30 days ago"

B.

type:File verdict:Malicious sourcetimestamp:<="30 days ago"

C.

type:File reputation:Malicious sourcetimestamp:="30 days ago"

D.

type:File verdict:Malicious sourcetimestamp:>="30 days ago"

Question 17

For troubleshooting, after a log bundle is created, where do the logs appear on the XCSOAR server?

Options:

A.

/var/lib/demisto

B.

/tmp/log/demisto

C.

/usr/local/demisto

D.

/var/log/demisto

Question 18

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

Options:

A.

Python

B.

Perl

C.

Go

D.

JavaScript

E.

Powershell

Question 19

What is the default landing page for a new user in XSOAR?

Options:

A.

Dashboards

B.

Threat Intel

C.

Settings

D.

Marketplace

Question 20

An analyst runs the following command in a playbook task:

!ip ip=1.1.1.1

Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?

Options:

A.

Synchronous

B.

Extract

C.

Out of band

D.

Inline

Question 21

An Engineer wants to filter a csvList value according to a dynamic value saved under the test context key.

Which three values would save the test context key? (Choose three.)

as

Options:

A.

Get csvList.value where csvList.value equals test [from previous tasks]

B.

Get csvList.value where csvList.value equals ${test} [from previous tasks]

C.

Get csvList.value where csvList.value equals test {}[from previous tasks]

D.

Get csvList.value where csvList.value equals test [as value]

E.

Get csvList.value where csvList.value equals ${test} [as value]

Question 22

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

Options:

A.

Process all alerts by running the respective playbook and link related incidents during post-processing

B.

Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together

C.

Configure a pre-process rule to link related events as they are ingested

D.

Manually go through the incidents created by the raw events and link related incidents

Page: 1 / 16
Total 156 questions