New Year Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

PCSAE Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Questions 4

An Engineer wants to filter a csvList value according to a dynamic value saved under the test context key.

Which three values would save the test context key? (Choose three.)

PCSAE Question 4

Options:

A.

Get csvList.value where csvList.value equals test [from previous tasks]

B.

Get csvList.value where csvList.value equals ${test} [from previous tasks]

C.

Get csvList.value where csvList.value equals test {}[from previous tasks]

D.

Get csvList.value where csvList.value equals test [as value]

E.

Get csvList.value where csvList.value equals ${test} [as value]

Buy Now
Questions 5

What is the difference between labels and fields?

Options:

A.

Fields can be used in playbooks and labels cannot

B.

Fields are indexed in the database and labels are not

C.

Labels can be used in queries and fields cannot

D.

Labels are indexed in the database and fields are not

Buy Now
Questions 6

A large number of incidents were deleted by mistake.

Which two architecture components can be used to recover the lost data? (Choose two.)

Options:

A.

Live backup

B.

Engine

C.

Distributed database

D.

Local backup

Buy Now
Questions 7

A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement?

Options:

A.

Manually share the dashboard through user emails

B.

Dashboard is shared to all XSOAR users

C.

Propagate the dashboard based on SAML authentication

D.

Dashboard is shared to all XSOAR users in a selected role

Buy Now
Questions 8

What are inputs and outputs in reference to a Playbook Development Lifecycle? (Choose three.)

Options:

A.

Inputs are data pieces that are present in the playbook

B.

Inputs are data pieces that are present in the task

C.

Outputs are used as incident trigger for playbook

D.

Outputs can be derived from the result of a task or command

E.

Inputs are the data fields parsed by the Classifier

Buy Now
Questions 9

How is data transferred between playbook tasks?

Options:

A.

Read/Write from context data

B.

Over war room results

C.

Input from the indicator page

D.

Directly from a previous task

Buy Now
Questions 10

To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?

Options:

A.

10,080 minutes (7 days)

B.

20,160 minutes (14 days)

C.

21,600 minutes (15 days)

D.

4,320 minutes (3 days)

Buy Now
Questions 11

On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?

Options:

A.

2MB

B.

3MB

C.

1MB

D.

5MB

Buy Now
Questions 12

Select the correct incident life cycle on XSOAR.

Options:

A.

Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing

B.

Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing

C.

Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing

D.

Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

Buy Now
Questions 13

Where are incident layouts customized?

Options:

A.

Settings > Object Setup > Incidents > Layouts

B.

Settings > Integrations > Instance configuration

C.

Settings > Object Setup > Indicators > Layouts

D.

Settings > Advanced > Incident Layouts

Buy Now
Questions 14

An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:

PCSAE Question 14

The organization wants to use the mail server location on the subsidiary's cloud to send emails. Without acquiring additional licenses, which XSOAR component can fulfill the requirement?

Options:

A.

XSOAR D2 Agents, to send the required emails.

B.

An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.

C.

Another XSOAR server that uses the same license as their primary XSOAR server.

D.

A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.

Buy Now
Questions 15

At what stage during the incident lifecycle is an incident type assigned?

Options:

A.

Pre-processing

B.

Incident creation

C.

Classification

D.

Playbook execution

Buy Now
Questions 16

Given an incident with three files, how could the name of the second file be referenced?

Options:

A.

${Files.[2].Name}

B.

${Files.Name.[2]}

C.

${File.[1].Name}

D.

${File.Name.[1]}

Buy Now
Questions 17

Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)

Options:

A.

Run Command, Export, and Close and Delete for all selected incidents regardless of their status

B.

Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status

C.

Run Command for all selected incidents having Active status

D.

Export incidents as JSON and change incident status

Buy Now
Questions 18

When browsing the Marketplace for new content packs, which details about each pack are you able to view?

Options:

A.

The integration’s source code

B.

A summary of each version history

C.

A test instance for the content pack

D.

The source code of each playbook

Buy Now
Questions 19

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

Options:

A.

type:File reputation:Malicious sourcetimestamp:"30 days ago"

B.

type:File verdict:Malicious sourcetimestamp:<="30 days ago"

C.

type:File reputation:Malicious sourcetimestamp:="30 days ago"

D.

type:File verdict:Malicious sourcetimestamp:>="30 days ago"

Buy Now
Questions 20

An incident field is created having the display name as Source_IP. How can the field be accessed?

Options:

A.

${incident.sourceip}

B.

${incident.Source_IP}

C.

${incident.srcip}

D.

${incident.Source IP}

Buy Now
Questions 21

Where do you navigate to monitor and improve the system performance and resilience for hosts in a multitenant environment?

Options:

A.

Settings > About > Troubleshooting, in the main host account. Each host has a System Diagnostics page.

B.

Settings > Advanced > System Diagnostics, in the main host account. Each host has a System Diagnostics page.

C.

Settings > Account Management > Hosts, in the main host account. Each host has a System Diagnostics page.

D.

Settings > About > System Diagnostics, in the main host account. Each host has a System Diagnostics page.

Buy Now
Questions 22

An engineer would like to change an incident’s SLA according to the severity field changes. How can the engineer achieve this task?

Options:

A.

Use a field trigger script

B.

Use a field display script

C.

Create a job that queries for incident severity changes

D.

Change the SLA manually every time the severity changes

Buy Now
Questions 23

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

Options:

A.

Populate the custom indicator field with the built-in !SetIndicator command.

B.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

C.

Create a custom Indicator Mapper and populate the custom indicator field.

D.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.

Buy Now
Exam Code: PCSAE
Exam Name: Palo Alto Networks Certified Security Automation Engineer
Last Update: Dec 19, 2024
Questions: 156

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now PCSAE testing engine

PDF (Q&A)

$36.75  $104.99
buy now PCSAE pdf