PCSAE : Palo Alto Networks Certified Security Automation Engineer : Part 04

PCSAE : Palo Alto Networks Certified Security Automation Engineer : Part 04

  1. Which two options may be added when a content pack is being installed? (Choose two.)

    • Lists
    • Roles
    • Other content packs
    • Indicator layouts

  2. Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

    • Python
    • Perl
    • Go
    • JavaScript
    • Powershell

    Explanation:

    Reference:

    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html

  3. What are two primary uses of standard tasks? (Choose two.)

    • To highlight different paths in a playbook
    • To generate new widgets for a dashboard
    • To create an incident or escalate an existing incident
    • To automate tasks such as parsing a file or enriching indicators
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbooks-overview.html

  4. An engineer would like to change an incident’s SLA according to the severity field changes.

    How can the engineer achieve this task?

    • Use a field trigger script
    • Use a field display script
    • Create a job that queries for incident severity changes
    • Change the SLA manually every time the severity changes
    Explanation:
    Reference:
    https://xsoar.pan.dev/docs/incidents/incident-fields

  5. What are three different loop types in a playbook? (Choose three.)

    • Automation
    • Built-in
    • Data collection
    • Conditional
    • For-each

  6. What are two common use cases for conditional tasks? (Choose two.)

    • They are used for branching paths in a playbook
    • They are used to interact with users through survey functionality
    • They are used to determine which incident will be executed
    • They are used for sending a specific question to a person or team
    Explanation:
    Reference:
    https://docs-new.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/use-cases.html#id7b31e50b-5aca-4d65-bdb5-ba61b4eac0b4

  7. An engineer wants to customize the regex for the default IP indicator type.

    How can this change be implemented?

    • Create a new indicator type and disable the built-in IP indicator
    • Edit the regex of the default IP Indicator
    • Add a new server configuration key that will overwrite the default regex of the IP indicator
    • Delete the default IP indicator
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/manage-indicators/understand-indicators/indicator-types/indicator-type-profile.html

  8. In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

    • In repetitive process flows to iterate for each playbook input
    • When continuously ingesting incidents from third-party systems
    • In repetitive process flows with no more than 10 loops
    • In repetitive processes that requires sub-playbook re-execution

  9. Which configuration is a valid distributed database (DB) implementation?

    • 2 main DBs, 1 application server, 2 node servers
    • 1 main DB, 1 application server, 3 node servers
    • 2 application servers, 1 main DB, 1 node server
    • 1 application server, 2 main DBs, 1 node server

  10. An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.

    How would the engineer implement this?

    • The new job form changes based on the threat intel feed integration configuration
    • The new job form can be edited from the Indicator Feed incident type editor
    • The new job form for a threat intel feed job cannot be edited
    • The new job form can be edited from the threat intel feeds integration settings
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/create-a-feed-based-job.html

  11. An automation returned an output called: csvReport.

    What filter would be used to check if the automation returned results?

    • Contains/Includes
    • Equals/Matches
    • In/In list
    • Is defined/Exist

  12. What is the difference between labels and fields?

    • Fields can be used in playbooks and labels cannot
    • Fields are indexed in the database and labels are not
    • Labels can be used in queries and fields cannot
    • Labels are indexed in the database and fields are not

  13. What is the default task type when creating an empty task?

    • Standard (Manual)
    • Conditional
    • Section header
    • Standard (Automated)
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook-tasks/playbook-task-fields.html

  14. Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

    • Create content and add it to the standard content by contributing through the Marketplace
    • Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
    • Create a support ticket with the custom content for review by the support team
    • Any custom content will be automatically uploaded to the content repository

  15. In which two options can an automation script be executed? (Choose two.)

    • Engine
    • Integration
    • War room
    • Playbook
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html

  16. By default, automation written in which language will be executed in a Docker container?

    • Python
    • Go
    • JavaScript
    • Perl

  17. What is the correct definition regarding integration parameters and command arguments?

    • Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
    • Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
    • Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
    • Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
    Explanation:
    Reference:
    https://xsoar.pan.dev/docs/tutorials/tut-integration-ui

  18. In which two locations can filters and transformers be used in XSOAR? (Choose two.)

    • Classification and Mapping
    • Playbook Tasks
    • Evidence Fields
    • Incident Fields
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/filters-and-transformers.html

  19. Which three actions can an engineer take on the troubleshooting page? (Choose three.)

    PCSAE Palo Alto Networks Certified Security Automation Engineer Part 04 Q19 006 Question
    PCSAE Palo Alto Networks Certified Security Automation Engineer Part 04 Q19 006 Question
    • Download the debug log bundle
    • Put the XSOAR server in maintenance mode
    • View and modify server configuration settings
    • Export and import custom content
    • View a list of server administrators

  20. An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.

    Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)

    • Open a ticket with the XSOAR support team
    • Create a pull request directly on Github
    • Contribute through the XSOAR UI
    • Send an email to [email protected]

  21. Which two input requirements are needed to train a machine learning model? (Choose two.)

    • 3000 Incidents
    • Incident Field
    • Verdict Label
    • Incident Type
    Explanation:
    Reference:
    https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/machine-learing-models/machine-learning-models-overview.html

  22. Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)

    • Add a distributed database server
    • Add an indexing server
    • Add a live backup server (disaster recovery)
    • Add an engine

  23. Management would like to get an incident report automatically following an incident’s closure.

    How would this be accomplished?

    • Define a task in a playbook to generate an incident report before the closure occurs
    • Manually create an ‘Incident Report’
    • Configure post-processing using a script
    • Create an ‘Incident Report’ from the Reports page

  24. Which two reasons would lead an engineer to create a custom widget? (Choose two.)

    • To visualize server configuration keys
    • To visualize XSOAR list data
    • To visualize complex incident data calculations
    • To visualize context data
    • To visualize a custom query
    Explanation:
    Reference: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/cortex-xsoar-admin.pdf/cortex-xsoar-admin.pdf
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments