New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

PCSAE Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Questions 4

Which two incident search queries are valid? (Choose two.)

Options:

A.

created:>=”7 days”

B.

owner===admin

C.

role is Analyst

D.

status:closed –category:job

Buy Now
Questions 5

Arrange these steps in the order that they occur during an incident fetch.

Options:

Buy Now
Questions 6

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

Options:

A.

Download the debug log bundle

B.

Put the XSOAR server in maintenance mode

C.

View and modify server configuration settings

D.

Export and import custom content

E.

View a list of server administrators

Buy Now
Questions 7

In which two options can an automation script be executed? (Choose two.)

Options:

A.

Engine

B.

Integration

C.

War room

D.

Playbook

Buy Now
Questions 8

Which three options can be defined in the layout settings? (Choose three.)

Options:

A.

Set of fields to present

B.

Permission to view the tab based on ‘Users’

C.

Permission to view the tab based on ‘Roles’

D.

Delete built-in tabs including the war room

E.

Dynamic sections

Buy Now
Questions 9

An engineer deployed two different instances of Active Directory for each organization site. As part of account enrichment use case, the engineer would like to delete a user from one specific site.

Which command will accomplish this?

Options:

A.

run ‘ad-delete-user’ command with ‘user-dn’ arg and using-brand=“Active Directory Query v2”

B.

run ‘ad-delete-user’ command with ‘user-dn’ arg and raw-response=true

C.

run ‘ad-delete-user’ command with ‘user-dn’ arg and ignore-outputs=true

D.

run ‘ad-delete-user’ command with ‘user-dn’ arg and using=“Active Directory

Query v2_instance_1”

Buy Now
Questions 10

What does the outgoing mapper support?

Options:

A.

Mirroring

B.

Classification

C.

Dynamic fields

D.

Pre-processing

Buy Now
Questions 11

What are the three ways to add/mark entries as evidence inside the Evidence Board? (Choose three.)

Options:

A.

Manually directly from the War Room with the Actions drop-down

B.

From the Notes section (mark as entry icon)

C.

Manually from the playbook task (mark as entry icon)

D.

Automatically from playbook tasks when the option is selected on the Advanced tab

E.

By running the command !MarkAsEvidence

Buy Now
Questions 12

Which playbook will a job run by default?

Options:

A.

The playbook assigned to the incident type

B.

The playbook assigned to the indicator type

C.

The playbook assigned during pre-processing

D.

The playbook assigned by the integration

Buy Now
Questions 13

What is the function of timer SLA fields in Cortex XSOAR?

Options:

A.

To track SLA breaches per playbook

B.

To run a script that executes on SLA assignment

C.

To automatically alert the analyst on SLA breach

D.

To count the time between one or more tasks

Buy Now
Questions 14

In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)

Options:

A.

Inputs and outputs

B.

Through integration context

C.

Automatically extracted by sub-playbooks

D.

From context data, if context is shared globally

Buy Now
Questions 15

What are three different loop types in a playbook? (Choose three.)

Options:

A.

Automation

B.

Built-in

C.

Data collection

D.

Conditional

E.

For-each

Buy Now
Questions 16

A large number of incidents were deleted by mistake.

Which two architecture components can be used to recover the lost data? (Choose two.)

Options:

A.

Live backup

B.

Engine

C.

Distributed database

D.

Local backup

Buy Now
Questions 17

Which two options may be added when a content pack is being installed? (Choose two.)

Options:

A.

Lists

B.

Roles

C.

Other content packs

D.

Indicator layouts

Buy Now
Questions 18

Whar are possible war room result (entry) types?

Options:

A.

Context, file, error, image

B.

Note, indicator, error, image

C.

Video, file, error, image

D.

Note, file, error, image

Buy Now
Questions 19

Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)

Options:

A.

Define input key in the subplaybook task. Map context values to pull from parent playbook.

B.

The output of the previous task automatically becomes the input of the subplaybook.

C.

Map inputs and outputs to the parent playbook and the subplaybook will use the same values.

D.

Open the subplaybook and add inputs or outputs in the Playbook triggered task.

Buy Now
Questions 20

In order to automatically run a playbook on the indicators fetched by an integration, what would an XSOAR Administrator setup?

Options:

A.

Cron job

B.

Time triggered job

C.

Feed triggered job

D.

REST API job

Buy Now
Questions 21

What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)

Options:

A.

Download content for offline installation

B.

Uninstall content pack

C.

Update to x version

D.

Revert to x version

Buy Now
Questions 22

Which content type cannot be managed using remote repositories?

Options:

A.

Lists

B.

Jobs

C.

Pre-processing rules

D.

Exclusion List

Buy Now
Questions 23

At what stage during the incident lifecycle is an incident type assigned?

Options:

A.

Pre-processing

B.

Incident creation

C.

Classification

D.

Playbook execution

Buy Now
Exam Code: PCSAE
Exam Name: Palo Alto Networks Certified Security Automation Engineer
Last Update: Dec 27, 2024
Questions: 156
PCSAE pdf

PCSAE PDF

$25.5  $84.99
PCSAE Engine

PCSAE Testing Engine

$30  $99.99
PCSAE PDF + Engine

PCSAE PDF + Testing Engine

$40.5  $134.99