PCSAE Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Get csvList.value where csvList.value equals test [from previous tasks]

Get csvList.value where csvList.value equals ${test} [from previous tasks]

Get csvList.value where csvList.value equals test {}[from previous tasks]

Get csvList.value where csvList.value equals test [as value]

Get csvList.value where csvList.value equals ${test} [as value]

Fields can be used in playbooks and labels cannot

Fields are indexed in the database and labels are not

Labels can be used in queries and fields cannot

Labels are indexed in the database and fields are not

Live backup

Engine

Distributed database

Local backup

Manually share the dashboard through user emails

Dashboard is shared to all XSOAR users

Propagate the dashboard based on SAML authentication

Dashboard is shared to all XSOAR users in a selected role

Inputs are data pieces that are present in the playbook

Inputs are data pieces that are present in the task

Outputs are used as incident trigger for playbook

Outputs can be derived from the result of a task or command

Inputs are the data fields parsed by the Classifier

Read/Write from context data

Over war room results

Input from the indicator page

Directly from a previous task

10,080 minutes (7 days)

20,160 minutes (14 days)

21,600 minutes (15 days)

4,320 minutes (3 days)

2MB

3MB

1MB

5MB

Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing

Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing

Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing

Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

Settings > Object Setup > Incidents > Layouts

Settings > Integrations > Instance configuration

Settings > Object Setup > Indicators > Layouts

Settings > Advanced > Incident Layouts

XSOAR D2 Agents, to send the required emails.

An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.

Another XSOAR server that uses the same license as their primary XSOAR server.

A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.

Pre-processing

Incident creation

Classification

Playbook execution

${Files.[2].Name}

${Files.Name.[2]}

${File.[1].Name}

${File.Name.[1]}

Run Command, Export, and Close and Delete for all selected incidents regardless of their status

Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status

Run Command for all selected incidents having Active status

Export incidents as JSON and change incident status

The integration’s source code

A summary of each version history

A test instance for the content pack

The source code of each playbook

type:File reputation:Malicious sourcetimestamp:"30 days ago"

type:File verdict:Malicious sourcetimestamp:<="30 days ago"

type:File reputation:Malicious sourcetimestamp:="30 days ago"

type:File verdict:Malicious sourcetimestamp:>="30 days ago"

${incident.sourceip}

${incident.Source_IP}

${incident.srcip}

${incident.Source IP}

Settings > About > Troubleshooting, in the main host account. Each host has a System Diagnostics page.

Settings > Advanced > System Diagnostics, in the main host account. Each host has a System Diagnostics page.

Settings > Account Management > Hosts, in the main host account. Each host has a System Diagnostics page.

Settings > About > System Diagnostics, in the main host account. Each host has a System Diagnostics page.

Use a field trigger script

Use a field display script

Create a job that queries for incident severity changes

Change the SLA manually every time the severity changes

Populate the custom indicator field with the built-in !SetIndicator command.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

Create a custom Indicator Mapper and populate the custom indicator field.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.