Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: geek65

PCSAE Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Questions 4

What is a primary use case of data collection tasks?

Options:

A.

To allow multi-QUESTION NO: surveys without authentication restrictions

B.

To automate tasks such as parsing a file or enriching indicators

C.

To generate new widgets for a dashboard

D.

To determine different paths in a playbook

Buy Now
Questions 5

Which component can be part of a load balancing group?

Options:

A.

Distributed database

B.

D2 agent

C.

Engine

D.

Load balancing server

Buy Now
Questions 6

At what stage during the incident lifecycle is an incident type assigned?

Options:

A.

Pre-processing

B.

Incident creation

C.

Classification

D.

Playbook execution

Buy Now
Questions 7

An administrator has noticed that an integration has failed to fetch incidents. Where would they go to download logs to troubleshoot the error?

Options:

A.

Go to the Marketplace > Download the Fix my XSOAR playbook pack > Run the playbook > Download logs from War Room

B.

Settings > About > Troubleshooting > Set Log Level to Debug > Download Logs

C.

Dashboards & Reports > System Health

D.

Settings > About > System Diagnostics

Buy Now
Questions 8

What assigns newly ingested event attributes to incident fields?

Options:

A.

Playbooks

B.

Classification

C.

Mapping

D.

Layouts

Buy Now
Questions 9

Given an incident with three files, how could the name of the second file be referenced?

Options:

A.

${Files.[2].Name}

B.

${Files.Name.[2]}

C.

${File.[1].Name}

D.

${File.Name.[1]}

Buy Now
Questions 10

Match the appropriate action to the layout type.

Options:

Buy Now
Questions 11

When creating a new tab in the layout, which section cannot be added?

Options:

A.

Retrieve widget chart based on script

B.

Related incidents

C.

War room entries picked by entry query

D.

Incident team members

Buy Now
Questions 12

Which content type cannot be managed using remote repositories?

Options:

A.

Lists

B.

Jobs

C.

Pre-processing rules

D.

Exclusion List

Buy Now
Questions 13

What happens when an integration is deprecated?

Options:

A.

The integration commands in a playbook can no longer be used

B.

The integration commands can be used, but it is recommended to update to the latest content pack

C.

The configuration settings will be lost and the integration will no longer function

D.

The integration commands in a playbook can be used, but it will fail at runtime

Buy Now
Questions 14

A playbook task generates a report as HTML in the context data.

An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator layout. How can the engineer populate the HTML field in the indicator layout?

Options:

A.

Populate the custom indicator field with the built-in !SetIndicator command.

B.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

C.

Create a custom Indicator Mapper and populate the custom indicator field.

D.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.

Buy Now
Questions 15

An engineer deployed two different instances of Active Directory for each organization site. As part of account enrichment use case, the engineer would like to delete a user from one specific site.

Which command will accomplish this?

Options:

A.

run ‘ad-delete-user’ command with ‘user-dn’ arg and using-brand=“Active Directory Query v2”

B.

run ‘ad-delete-user’ command with ‘user-dn’ arg and raw-response=true

C.

run ‘ad-delete-user’ command with ‘user-dn’ arg and ignore-outputs=true

D.

run ‘ad-delete-user’ command with ‘user-dn’ arg and using=“Active Directory

Query v2_instance_1”

Buy Now
Questions 16

Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)

Options:

A.

Define input key in the subplaybook task. Map context values to pull from parent playbook.

B.

The output of the previous task automatically becomes the input of the subplaybook.

C.

Map inputs and outputs to the parent playbook and the subplaybook will use the same values.

D.

Open the subplaybook and add inputs or outputs in the Playbook triggered task.

Buy Now
Questions 17

Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

Options:

A.

setFields

B.

Field mapping

C.

setIncident

D.

Layout inline editing

Buy Now
Questions 18

Which development languages are supported when creating XSOAR automation scripts?

Options:

A.

C++, Python, Powershell

B.

Ruby, C++, Python

C.

Javascript, Powershell, C++

D.

Python, Powershell, Javascript

Buy Now
Questions 19

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

Options:

A.

Python

B.

Perl

C.

Go

D.

JavaScript

E.

Powershell

Buy Now
Questions 20

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

Options:

A.

type:File reputation:Malicious sourcetimestamp:"30 days ago"

B.

type:File verdict:Malicious sourcetimestamp:<="30 days ago"

C.

type:File reputation:Malicious sourcetimestamp:="30 days ago"

D.

type:File verdict:Malicious sourcetimestamp:>="30 days ago"

Buy Now
Questions 21

An analyst runs the following command in a playbook task:

!ip ip=1.1.1.1

Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?

Options:

A.

Synchronous

B.

Extract

C.

Out of band

D.

Inline

Buy Now
Questions 22

While testing a custom integration, an XSOAR engineer noticed that the incident fetch interval is missing. How can this be fixed?

Options:

A.

Define the Incident Fetch Interval when running the integration’s commands.

B.

Duplicate the integration. Edit the resulting copy and add incidentFetchInterval as a parameter. Save the integration. Configure the new integration instance with the interval required.

C.

Configure the application to send incidents on the required interval.

D.

Duplicate the integration. Add the interval in the code. Save the integration and Configure the new integration instance with the interval required.

Buy Now
Exam Code: PCSAE
Exam Name: Palo Alto Networks Certified Security Automation Engineer
Last Update: Nov 21, 2024
Questions: 156
PCSAE pdf

PCSAE PDF

$28  $80
 Add to Cart
PCSAE Engine

PCSAE Testing Engine

$33.25  $95
 Add to Cart
PCSAE PDF + Engine

PCSAE PDF + Testing Engine

$45.5  $130
 Add to Cart