Independence Day - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65percent

Welcome To DumpsPedia

PCSAE Sample Questions Answers

Questions 4

Which two features does XSOAR offer to help recover from a server failure? (Choose two.)

Options:

A.

Live backup (disaster recovery)

B.

Distributed database

C.

Backup data to XSOAR engines

D.

Local backup

Buy Now
Questions 5

When uploading content, which two options could the upload include? (Choose two.)

Options:

A.

Indicators

B.

Incidents

C.

Reports

D.

Fields

Buy Now
Questions 6

After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context.

How can the engineer save the data so it will be accessible?

Options:

A.

Mark ignore output = true

B.

Use extend-context

C.

Use raw-response = save

D.

Mark ignore input = true

Buy Now
Questions 7

What is used to trigger playbooks automatically based on the classification of an incident?

Options:

A.

Indicator type

B.

Incoming mapper

C.

Incident types

D.

Integration configuration

Buy Now
Questions 8

What is an example of a generic reputation command?

Options:

A.

!ip

B.

!getReputation

C.

!reputation

D.

!enrichIndicator

Buy Now
Questions 9

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

Options:

A.

Populate the custom indicator field with the built-in !SetIndicator command.

B.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

C.

Create a custom Indicator Mapper and populate the custom indicator field.

D.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.

Buy Now
Questions 10

In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.)

Options:

A.

The audit log

B.

The log bundle

C.

The source code for an integration

D.

The error message returned directly below the button

E.

The playground war room

Buy Now
Questions 11

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard.

How can it be accomplished?

Options:

A.

Default Dashboard can be defined by ‘Role’

B.

Use the server configuration key: default.dashboards

C.

Save the dashboard as a widget and apply it to all users

D.

Right click on the dashboard tab and ‘Set as Default’

Buy Now
Questions 12

Select the correct incident life cycle on XSOAR.

Options:

A.

Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing

B.

Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing

C.

Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing

D.

Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

Buy Now
Questions 13

Arrange these steps in the order that they occur during an incident fetch.

Options:

Buy Now
Questions 14

Which two functions in XSOAR are incident types used for? (Choose two.)

Options:

A.

To run dedicated playbooks for different event types

B.

To classify events ingested from various sources into the relevant types

C.

To classify indicators extracted in XSOAR incidents to their respective types

D.

To facilitate role based access to XSOAR incidents

Buy Now
Questions 15

Which task type would be used to verify/check that an integration was enabled?

Options:

A.

Standard task

B.

Conditional task

C.

Section Header task

D.

Data Collection task

Buy Now
Questions 16

When creating a new tab in the layout, which section cannot be added?

Options:

A.

Retrieve widget chart based on script

B.

Related incidents

C.

War room entries picked by entry query

D.

Incident team members

Questions 17

Given an incident with three files, how could the name of the second file be referenced?

Options:

A.

${Files.[2].Name}

B.

${Files.Name.[2]}

C.

${File.[1].Name}

D.

${File.Name.[1]}

Buy Now
Questions 18

What is a primary use case of data collection tasks?

Options:

A.

To allow multi-QUESTION NO: surveys without authentication restrictions

B.

To automate tasks such as parsing a file or enriching indicators

C.

To generate new widgets for a dashboard

D.

To determine different paths in a playbook

Buy Now
Questions 19

Which content type cannot be managed using remote repositories?

Options:

A.

Lists

B.

Jobs

C.

Pre-processing rules

D.

Exclusion List

Buy Now
Questions 20

What are two common use cases for conditional tasks? (Choose two.)

Options:

A.

They are used for branching paths in a playbook

B.

They are used to interact with users through survey functionality

C.

They are used to determine which incident will be executed

D.

They are used for sending a specific QUESTION NO: to a person or team

Buy Now
Questions 21

Which playbook will a job run by default?

Options:

A.

The playbook assigned to the incident type

B.

The playbook assigned to the indicator type

C.

The playbook assigned during pre-processing

D.

The playbook assigned by the integration

Buy Now
Questions 22

Which investigation element is best suited for collaboration among users?

Options:

A.

Work Plan

B.

Related Incidents

C.

War Room

D.

Context Data

Buy Now
Questions 23

Which two incident search queries are valid? (Choose two.)

Options:

A.

created:>=”7 days”

B.

owner===admin

C.

role is Analyst

D.

status:closed –category:job

Buy Now
Questions 24

What are two primary uses of standard tasks? (Choose two.)

Options:

A.

To highlight different paths in a playbook

B.

To generate new widgets for a dashboard

C.

To create an incident or escalate an existing incident

D.

To automate tasks such as parsing a file or enriching indicators

Buy Now
Questions 25

Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)

Options:

A.

Add a distributed database server

B.

Add an indexing server

C.

Add a live backup server (disaster recovery)

D.

Add an engine

Buy Now
Questions 26

An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

Options:

A.

Create a custom indicator field named ‘username’ and link it to the internal system indicator

B.

Change the reputation command for the internal system indicator type

C.

Create a new indicator type of the internal username and set a formatting script to extract only the

username

D.

Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Buy Now
Questions 27

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

Options:

A.

In repetitive process flows to iterate for each playbook input

B.

When continuously ingesting incidents from third-party systems

C.

In repetitive process flows with no more than 10 loops

D.

In repetitive processes that requires sub-playbook re-execution

Buy Now
Questions 28

Which two options may be added when a content pack is being installed? (Choose two.)

Options:

A.

Lists

B.

Roles

C.

Other content packs

D.

Indicator layouts

Buy Now
Questions 29

During the regular maintenance of XSOAR a customer noticed that there was an update available for the Active Directory content pack (current version 1.4.6) and updated the content pack to the latest version (version 1.4.11). However, after the update the customer noticed that the Active Directory Query integration is not working properly and asked you to resolve the issue.

Which of the following set of steps can help to resolve the issue?

Options:

A.

Navigate to Settings

View the configured integrations and select Active Directory Authentication

Delete all integration instances and add all integration instances again

B.

Navigate to Marketplace

View the installed content pack and select Active Directory content pack

Select version 1.4.6 and click on "Revert to this version"

C.

Navigate to Settings

View the configured integrations and select Active Directory Query

Delete all integration instances and add all integration instances again

D.

Navigate to Marketplace

View the installed content pack and select Active Directory content pack

Click on uninstall content pack

Navigate to Marketplace browser and reinstall the Active Directory content pack

Buy Now
Questions 30

An administrator has noticed that an integration has failed to fetch incidents. Where would they go to download logs to troubleshoot the error?

Options:

A.

Go to the Marketplace > Download the Fix my XSOAR playbook pack > Run the playbook > Download logs from War Room

B.

Settings > About > Troubleshooting > Set Log Level to Debug > Download Logs

C.

Dashboards & Reports > System Health

D.

Settings > About > System Diagnostics

Buy Now
Questions 31

What is the function of timer SLA fields in Cortex XSOAR?

Options:

A.

To track SLA breaches per playbook

B.

To run a script that executes on SLA assignment

C.

To automatically alert the analyst on SLA breach

D.

To count the time between one or more tasks

Buy Now
Questions 32

An administrator wants to send an email via the Mail Sender integration. Which of the following out of the box methods would be used for that?

Options:

A.

XSOAR D2 agent

B.

external integration command

C.

XSOAR shared agent

D.

common automation script

Buy Now
Questions 33

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

Options:

A.

Download the debug log bundle

B.

Put the XSOAR server in maintenance mode

C.

View and modify server configuration settings

D.

Export and import custom content

E.

View a list of server administrators

Buy Now
Questions 34

Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)

Options:

A.

Define input key in the subplaybook task. Map context values to pull from parent playbook.

B.

The output of the previous task automatically becomes the input of the subplaybook.

C.

Map inputs and outputs to the parent playbook and the subplaybook will use the same values.

D.

Open the subplaybook and add inputs or outputs in the Playbook triggered task.

Buy Now
Questions 35

Which two input requirements are needed to train a machine learning model? (Choose two.)

Options:

A.

3000 Incidents

B.

Incident Field

C.

Verdict Label

D.

Incident Type

Buy Now
Questions 36

What are the three ways to add/mark entries as evidence inside the Evidence Board? (Choose three.)

Options:

A.

Manually directly from the War Room with the Actions drop-down

B.

From the Notes section (mark as entry icon)

C.

Manually from the playbook task (mark as entry icon)

D.

Automatically from playbook tasks when the option is selected on the Advanced tab

E.

By running the command !MarkAsEvidence

Buy Now
Questions 37

Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)

Options:

A.

Run Command, Export, and Close and Delete for all selected incidents regardless of their status

B.

Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status

C.

Run Command for all selected incidents having Active status

D.

Export incidents as JSON and change incident status

Buy Now
Questions 38

When is the post-processing script executed in XSOAR?

Options:

A.

Just after the incident is created

B.

Just after the pre-processing is executed

C.

Just after the playbook is executed

D.

Just after the Close Incident button is clicked

Buy Now
Questions 39

How would context data be filtered to receive only malicious indicator values with DBotScore?

Options:

A.

Get DBotScore.value where DBotScore.Score (Larger or equals) 4

B.

Get DBotScore.value where DBotScore.Score (equals (int)) 3

C.

Get DBotScore where DBotScore.Score (Larger than) 1

D.

Get DBotScore where DBotScore.Score (Larger or equals) 2

Buy Now
Questions 40

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

Options:

A.

Process all alerts by running the respective playbook and link related incidents during post-processing

B.

Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together

C.

Configure a pre-process rule to link related events as they are ingested

D.

Manually go through the incidents created by the raw events and link related incidents

Buy Now
Questions 41

Where would you look to find a personalized view of your own incidents and tasks?

Options:

A.

Incident Summary View

B.

My Incidents

C.

My Threat Landscape

D.

My Dashboard

Buy Now
Questions 42

An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:

The organization wants to use the mail server location on the subsidiary's cloud to send emails. Without acquiring additional licenses, which XSOAR component can fulfill the requirement?

Options:

A.

XSOAR D2 Agents, to send the required emails.

B.

An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.

C.

Another XSOAR server that uses the same license as their primary XSOAR server.

D.

A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.

Buy Now
Questions 43

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

Options:

A.

Python

B.

Perl

C.

Go

D.

JavaScript

E.

Powershell

Buy Now
Questions 44

In which two locations can filters and transformers be used in XSOAR? (Choose two.)

Options:

A.

Classification and Mapping

B.

Playbook Tasks

C.

Evidence Fields

D.

Incident Fields

Buy Now
Questions 45

The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?

Options:

A.

Using the demisto_error() function

B.

Using a print statement

C.

Using the demisto.debug() function

D.

Using the return_error() function

Buy Now
Questions 46

What happens if both a Classifier and Incident Type are configured in an integration instance's settings?

Options:

A.

The administrator will receive a notification that there is both a Classifier and Incident Type set for that integration instance.

B.

The Incident Type will be ignored, and incoming incidents will be classified according to the Classifier.

C.

The Classifier will be ignored, and incoming incidents will be classified according to the Incident Type.

D.

Both the Classifier and Incident Type will classify incoming incidents.

Buy Now
Exam Code: PCSAE
Exam Name: Palo Alto Networks Certified Security Automation Engineer
Last Update: Jul 12, 2024
Questions: 156
$56  $159.99
$42  $119.99
$35  $99.99
buy now PCSAE