PCSAE : Palo Alto Networks Certified Security Automation Engineer : Part 01

  1. Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

    • Set a field trigger script
    • Associate to an incident type
    • Change field type
    • Change field name

    Explanation:

    Reference:

    https://docs.servicenow.com/bundle/quebec-it-service-management/page/product/incident-management/reference/incident-management-properties.html

  2. Given an incident with three files, how could the name of the second file be referenced?

    • ${Files.[2].Name}
    • ${Files.Name.[2]}
    • ${File.[1].Name}
    • ${File.Name.[1]}
  3. Which component can be part of a load balancing group?

    • Distributed database
    • D2 agent
    • Engine
    • Load balancing server
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/engines/understand-demisto-engines.html
  4. Which method accesses a field called ‘User Mail’ in a playbook?

    • ${incident.usermail}
    • ${incident.User Mail}
    • ${incident.UserMail}
    • ${usermail}
  5. A SOC manager built a dashboard and would like to share the dashboard with other team members.

    How would the SOC manager create a dashboard that meets this requirement?

    • Manually share the dashboard through user emails
    • Dashboard is shared to all XSOAR users
    • Propagate the dashboard based on SAML authentication
    • Dashboard is shared to all XSOAR users in a selected role
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/dashboards/share-a-dashboard.html
  6. Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

    • setFields
    • Field mapping
    • setIncident
    • Layout inline editing
  7. DRAG DROP

    Match the action with the most appropriate playbook task type.

    [Image: PCSAE Palo Alto Networks Certified Security Automation Engineer Part 01 Q07 001 Question]
    [Image: PCSAE Palo Alto Networks Certified Security Automation Engineer Part 01 Q07 001 Answer]

    Explanation:
    https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html
  8. Which built-in automation/command can be used to change an incident’s type?

    • setIncident
    • Set
    • GetFieldsByIncidentType
    • modifyIncidentFields
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/incidents/incidents-management/incident-fields/field-trigger-scripts.html
  9. An engineer notices that playbooks only start once the user clicks the ‘investigate’ button and he/she would like the playbook to start automatically.

    How can this be implemented?

    • Add the playbook to the integration’s settings
    • Select ‘Run playbook automatically’ from the incident type settings
    • Add the !startinvestigation automation to the beginning of the playbook
    • Select ‘Run playbook automatically’ from the integration settings
  10. Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

    • The ‘Fetches Incidents’ option may not have been enabled
    • There are no new events from the external service
    • The first fetch should be manually triggered to start the fetching process
    • It can take up to 1-hour before incidents are initially fetched
  11. Which two capabilities do Automation script settings include? (Choose two.)

    • Define ‘parameters’
    • Correlate to incident types
    • Define ‘outputs’
    • Set password protection
  12. DRAG DROP

    Match the appropriate action to the layout type.

    [Image: PCSAE Palo Alto Networks Certified Security Automation Engineer Part 01 Q12 002 Question]
    [Image: PCSAE Palo Alto Networks Certified Security Automation Engineer Part 01 Q12 002 Answer]
  13. What is a primary use case of data collection tasks?

    • To allow multi-question surveys without authentication restrictions
    • To automate tasks such as parsing a file or enriching indicators
    • To generate new widgets for a dashboard
    • To determine different paths in a playbook
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook-tasks/communication-tasks/create-a-data-collection-task.html
  14. In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.)

    • The audit log
    • The log bundle
    • The source code for an integration
    • The error message returned directly below the button
    • The playground war room
  15. Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)

    • Use a field of Number to count the number of seconds elapsed between two tasks
    • After the playbook has run, calculate the total time taken and set the timer field with this value
    • To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer
    • From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on
  16. How long is the trial period for paid content packs?

    • 30 days
    • 14 days
    • 7 days
    • 60 days
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/marketplace/marketplace-subscriptions.html
  17. After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw-response=true and notices that the manager’s email is returned, but not saved in the context.

    How can the engineer save the data so it will be accessible?

    • Mark ignore output = true
    • Use extend-context
    • Use raw-response = save
    • Mark ignore input = true
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/extend-context/extend-context-using-the-command-line.html
  18. Where can engineers add the post-processing scripts to incidents?

    • The post-processing tag must be added to the automation
    • Post-processing scripts must be added at the end of playbooks
    • Post-processing scripts must be added from the Incident Type editor
    • Post-processing scripts must be added from the Post-Process Rules editor
  19. An engineer would like to present a trend using widgets to compare to a previous week’s data.

    Which two methods will allow the engineer to meet the requirement? (Choose two.)

    • Create widget of type Line, check ‘Display Trend’ and define as 7 days ago
    • Create a custom widget using a new incident query
    • Create widget of type Number, check ‘Display Trend’ and define as 7 days ago
    • Create a custom widget using a script
  20. What happens when an integration is deprecated?

    • What happens when an integration is deprecated?
    • The integration commands can be used, but it is recommended to update to the latest content pack
    • The configuration settings will be lost and the integration will no longer function
    • The integration commands in a playbook can be used, but it will fail at runtime