
Palo Alto Networks PCSAE: Palo Alto Networks Certified Security Automation Engineer Exam Practice Test

Page: 1 / 16
Total 156 questions

Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Question 1

Incidents need to be filtered by all of the following criteria:

1. Status – Pending

2. Exclude Category – Job

3. Severity – High

4. Owner – None (No owner assigned)

5. Type – Phishing

6. Email Subject – “You have won a million dollars”

What is the correct query syntax for the above incident search filter?

Options:

A.

status=="Pending" && category!="job" && severity=="High" && owner=="None" && type=="Phishing" && emailsubject=="You have won a million dollars"

B.

Status:Pending and -Category:job and Severity:High and Owner:"" and Type:Phishing and Email Subject:You have won a million dollars

C.

status:Pending and -category:job and severity:High and owner:"" and type:Phishing and emailsubject:"You have won a million dollars"

D.

status:Pending or -category:job or severity:High or owner:"" or type:Phishing or emailsubject:"You have won a million dollars"

Question 2

Which two features does XSOAR offer to help recover from a server failure? (Choose two.)

Options:

A.

Live backup (disaster recovery)

B.

Distributed database

C.

Backup data to XSOAR engines

D.

Local backup

Question 3

Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)

Options:

A.

When creating incidents from the XSOAR REST API

B.

When manually creating an incident from the UI

C.

When adding a new analyst account to XSOAR

D.

When fetching many different incident types from a single mailbox

Question 4

A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?

Options:

A.

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with no argument

B.

Edit the incident layout to add a new button that calls the AssignToMeButton automation with argument assignBy={me}

C.

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument owner={me}

D.

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument assignBy=current

Question 5

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

Options:

A.

Populate the custom indicator field with the built-in !SetIndicator command.

B.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

C.

Create a custom Indicator Mapper and populate the custom indicator field.

D.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.

Question 6

A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement?

Options:

A.

Manually share the dashboard through user emails

B.

Dashboard is shared to all XSOAR users

C.

Propagate the dashboard based on SAML authentication

D.

Dashboard is shared to all XSOAR users in a selected role

Question 7

What assigns newly ingested event attributes to incident fields?

Options:

A.

Playbooks

B.

Classification

C.

Mapping

D.

Layouts

Question 8

Which field type provides an interactive and editable display of table-based data?

Options:

A.

HTML

B.

Grid (table)

C.

Markdown

D.

Multi Select

Question 9

What is the default configuration for indicator auto-extraction when incidents are created?

Options:

A.

Inline

B.

Inband

C.

None

D.

Out of band

Question 10

Arrange these steps in the order that they occur during an incident fetch.

Options:

Question 11

Which investigation element is best suited for collaboration among users?

Options:

A.

Work Plan

B.

Related Incidents

C.

War Room

D.

Context Data

Question 12

What is used to trigger playbooks automatically based on the classification of an incident?

Options:

A.

Indicator type

B.

Incoming mapper

C.

Incident types

D.

Integration configuration

Question 13

Given the following context data, what would be the expected output of the expression?

Options:

A.

1E56733826E5035233A097FCEA2046AF96EC616C

B.

E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD

C.

8D193FA162A305E4859BA8C45F5121F7265E3ABB

D.

e6ef5142e2553c1e442a0ffac07636eac61e6edd

Question 14

What does the outgoing mapper support?

Options:

A.

Mirroring

B.

Classification

C.

Dynamic fields

D.

Pre-processing

Question 15

An administrator wants to send an email via the Mail Sender integration. Which of the following out-of-the-box methods would be used for that?

Options:

A.

XSOAR D2 agent

B.

external integration command

C.

XSOAR shared agent

D.

common automation script

Question 16

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

Options:

A.

Process all alerts by running the respective playbook and link related incidents during post-processing

B.

Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together

C.

Configure a pre-process rule to link related events as they are ingested

D.

Manually go through the incidents created by the raw events and link related incidents

Question 17

An engineer notices that playbooks only start once the user clicks the ‘investigate’ button and would like the playbook to start automatically.

How can this be implemented?

Options:

A.

Add the playbook to the integration’s settings

B.

Select ‘Run playbook automatically’ from the incident type settings

C.

Add the !startinvestigation automation to the beginning of the playbook

D.

Select ‘Run playbook automatically’ from the integration settings

Question 18

Which of the following is a basic setting that can be configured in an automation?

Options:

A.

Summary

B.

Compiler

C.

Schedule

D.

Run On

Question 19

An engineer would like to change an incident’s SLA according to the severity field changes. How can the engineer achieve this task?

Options:

A.

Use a field trigger script

B.

Use a field display script

C.

Create a job that queries for incident severity changes

D.

Change the SLA manually every time the severity changes

Question 20

Match the corresponding action with the appropriate playbook tasks.

Options:

Question 21

Which three statements are true about the Marketplace? (Choose three.)

Options:

A.

Allows reverting back to a previous version of a content pack

B.

Enables users to participate in the community by sharing content

C.

Publishes content without additional review from the Cortex XSOAR team

D.

Allows uploading of content in additional languages

E.

Offers granularity in installation through content packs

Question 22

Which two options may be added when a content pack is being installed? (Choose two.)

Options:

A.

Lists

B.

Roles

C.

Other content packs

D.

Indicator layouts

Question 23

When creating a new tab in the layout, which section cannot be added?

Options:

A.

Retrieve widget chart based on script

B.

Related incidents

C.

War room entries picked by entry query

D.

Incident team members
