March Sale Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

Paloalto Networks PCSAE Dumps

Page: 1 / 6
Total 156 questions

Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Question 1

In which two locations can filters and transformers be used in XSOAR? (Choose two.)

Options:

A.

Classification and Mapping

B.

Playbook Tasks

C.

Evidence Fields

D.

Incident Fields

Question 2

When browsing the Marketplace for new content packs, which details about each pack are you able to view?

Options:

A.

The integration’s source code

B.

A summary of each version history

C.

A test instance for the content pack

D.

The source code of each playbook

Question 3

Where would you look to find a personalized view of your own incidents and tasks?

Options:

A.

Incident Summary View

B.

My Incidents

C.

My Threat Landscape

D.

My Dashboard

Question 4

What assigns newly ingested event attributes to incident fields?

Options:

A.

Playbooks

B.

Classification

C.

Mapping

D.

Layouts

Question 5

Which field type should be used to hold more than 60,000 characters of unformatted text?

Options:

A.

Short Text

B.

HTML

C.

Long Text

D.

Markdown

Question 6

When developing the playbook, which of the following can be used by a XSOAR Administrator?

Options:

A.

The Debugger panel to test data with one of last five incidents. This will affect the incident’s original incident data.

B.

Context data from existing incidents by exporting the YAML data from incidents and importing it to playbook editor.

C.

Debugger panel and XML data from a similar incident with New Mock Incident. This will not affect the incidents original incident data.

D.

The Debugger panel to test data with one of last fifty incidents. This will not affect the incident’s original incident data.

Question 7

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.

What is the main concern when adding these commands?

Options:

A.

The commands must return a proper result to the war room for the analysts to understand

B.

The code may not be written to XSOAR standards

C.

The integrations are locked and cannot be edited with additional commands

D.

The custom integration will not be maintained and updated by XSOAR content team

Question 8

Which built-in automation/command cab be used to change an incident’s type?

Options:

A.

setIncident

B.

Set

C.

GetFieldsByIncidentType

D.

modifyIncidentFields

Question 9

In order to automatically run a playbook on the indicators fetched by an integration, what would an XSOAR Administrator setup?

Options:

A.

Cron job

B.

Time triggered job

C.

Feed triggered job

D.

REST API job

Question 10

An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?

Options:

A.

Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.

B.

SSH into the server and copy the indicator's database.

C.

In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.

D.

Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.

Question 11

Which investigation element is best suited for collaboration among users?

Options:

A.

Work Plan

B.

Related Incidents

C.

War Room

D.

Context Data

Question 12

When uploading content, which two options could the upload include? (Choose two.)

Options:

A.

Indicators

B.

Incidents

C.

Reports

D.

Fields

Question 13

When creating an incident layout section, it is best to place long field values within which of the following?

Options:

A.

Section headers

B.

Rows

C.

Canvas

D.

Cards

Question 14

How can Cortex XSOAR administrators prevent junior analysts from viewing a senior analyst dashboard?

Options:

A.

Share the dashboard in Read and Edit mode for senior analysts.

B.

Share the dashboard in Read & Edit mode for senior analysts and Read Only for juniors analysts.

C.

Share the dashboard in Read and Write mode for senior analysts.

D.

Share the dashboard in Read Only mode for junior analysts and senior analysts.

Question 15

An administrator wants to send an email via the Mail Sender integration. Which of the following out of the box methods would be used for that?

Options:

A.

XSOAR D2 agent

B.

external integration command

C.

XSOAR shared agent

D.

common automation script

Question 16

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

Options:

A.

Python

B.

Perl

C.

Go

D.

JavaScript

E.

Powershell

Question 17

On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?

Options:

A.

2MB

B.

3MB

C.

1MB

D.

5MB

Question 18

What is the correct expression to use when filtering only PDF files?

Options:

A.

Use File.Extension that does not equal (string comparison) PDF

B.

Use File.Name contains PDF

C.

Use File.Extension contains (general) PDF

D.

Use File.Extension equals (string comparison) PDF

Question 19

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

Options:

A.

Populate the custom indicator field with the built-in !SetIndicator command.

B.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

C.

Create a custom Indicator Mapper and populate the custom indicator field.

D.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.

Question 20

Which two features does XSOAR offer to help recover from a server failure? (Choose two.)

Options:

A.

Live backup (disaster recovery)

B.

Distributed database

C.

Backup data to XSOAR engines

D.

Local backup

Question 21

What will happen if a playbook debugger is left running for more than 24 hours?

Options:

A.

By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.

B.

The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically.

C.

The session will be running till stopped manually by administrator.

D.

By default, the system closes automatically any debugger session that have been open 180 minutes.

Question 22

Which task type would be used to verify/check that an integration was enabled?

Options:

A.

Standard task

B.

Conditional task

C.

Section Header task

D.

Data Collection task

Question 23

What is a primary use case of data collection tasks?

Options:

A.

To allow multi-QUESTION NO: surveys without authentication restrictions

B.

To automate tasks such as parsing a file or enriching indicators

C.

To generate new widgets for a dashboard

D.

To determine different paths in a playbook

Page: 1 / 6
Total 156 questions