Palo Alto Networks Certified Security Automation Engineer v1.0 (PCSAE)

Page:    1 / 11   
Total 156 questions

Which two options may be added when a content pack is being installed? (Choose two.)

  • A. Lists
  • B. Roles
  • C. Other content packs
  • D. Indicator layouts


Answer : AB

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

  • A. Python
  • B. Perl
  • C. Go
  • D. JavaScript
  • E. PowerShell


Answer : ADE

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html

What are two primary uses of standard tasks? (Choose two.)

  • A. To highlight different paths in a playbook
  • B. To generate new widgets for a dashboard
  • C. To create an incident or escalate an existing incident
  • D. To automate tasks such as parsing a file or enriching indicators


Answer : BD

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbooks-overview.html

An engineer would like to change an incident's SLA according to the severity field changes.
How can the engineer achieve this task?

  • A. Use a field trigger script
  • B. Use a field display script
  • C. Create a job that queries for incident severity changes
  • D. Change the SLA manually every time the severity changes


Answer : B

Reference:
https://xsoar.pan.dev/docs/incidents/incident-fields

What are three different loop types in a playbook? (Choose three.)

  • A. Automation
  • B. Built-in
  • C. Data collection
  • D. Conditional
  • E. For-each


Answer : CDE

What are two common use cases for conditional tasks? (Choose two.)

  • A. They are used for branching paths in a playbook
  • B. They are used to interact with users through survey functionality
  • C. They are used to determine which incident will be executed
  • D. They are used for sending a specific question to a person or team


Answer : AC

Reference:
https://docs-new.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/use-cases.html#id7b31e50b-5aca-4d65-bdb5-ba61b4eac0b4

An engineer wants to customize the regex for the default IP indicator type.
How can this change be implemented?

  • A. Create a new indicator type and disable the built-in IP indicator
  • B. Edit the regex of the default IP Indicator
  • C. Add a new server configuration key that will overwrite the default regex of the IP indicator
  • D. Delete the default IP indicator


Answer : A

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/manage-indicators/understand-indicators/indicator-types/indicator-type-profile.html

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

  • A. In repetitive process flows to iterate for each playbook input
  • B. When continuously ingesting incidents from third-party systems
  • C. In repetitive process flows with no more than 10 loops
  • D. In repetitive processes that require sub-playbook re-execution


Answer : AB

Which configuration is a valid distributed database (DB) implementation?

  • A. 2 main DBs, 1 application server, 2 node servers
  • B. 1 main DB, 1 application server, 3 node servers
  • C. 2 application servers, 1 main DB, 1 node server
  • D. 1 application server, 2 main DBs, 1 node server


Answer : C

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.
How would the engineer implement this?

  • A. The new job form changes based on the threat intel feed integration configuration
  • B. The new job form can be edited from the Indicator Feed incident type editor
  • C. The new job form for a threat intel feed job cannot be edited
  • D. The new job form can be edited from the threat intel feeds integration settings


Answer : B

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/create-a-feed-based-job.html

An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?

  • A. Contains/Includes
  • B. Equals/Matches
  • C. In/In list
  • D. Is defined/Exist


Answer : B

What is the difference between labels and fields?

  • A. Fields can be used in playbooks and labels cannot
  • B. Fields are indexed in the database and labels are not
  • C. Labels can be used in queries and fields cannot
  • D. Labels are indexed in the database and fields are not


Answer : C

What is the default task type when creating an empty task?

  • A. Standard (Manual)
  • B. Conditional
  • C. Section header
  • D. Standard (Automated)


Answer : B

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook-tasks/playbook-task-fields.html

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

  • A. Create content and add it to the standard content by contributing through the Marketplace
  • B. Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
  • C. Create a support ticket with the custom content for review by the support team
  • D. Any custom content will be automatically uploaded to the content repository


Answer : AD

In which two options can an automation script be executed? (Choose two.)

  • A. Engine
  • B. Integration
  • C. War room
  • D. Playbook


Answer : CD

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html
