[Jan 18, 2022] New Updated PCSAE Exam Questions 2022
Updated Free Palo Alto Networks PCSAE Test Engine Questions with 85 Q&As
Benefits of Palo Alto PCSAE Certification Exam
- Better your inherent earning power to demand a higher salary
- Learn to execute complicated, hands-on activities through lab, learning and practice sessions
- Acquire exposure to a broad variety of relevant features, functions, and duties
- Promote a Defence in Depth mind set against threat factors
- Extend your knowledge base and confirm your skills to appeal to potential employers
NEW QUESTION 11
What are two main uses of context data? (Choose two.)
- A. Store incident information in XML format
- B. Pass data between to-do tasks
- C. Pass data between playbook tasks
- D. Store incident information in JSON format
Answer: C,D
NEW QUESTION 12
What happens when an integration is deprecated?
- A. The integration commands in a playbook can be used, but it will fail at runtime
- B. The integration commands in a playbook can no longer be used
- C. The integration commands can be used, but it is recommended to update to the latest content pack
- D. The configuration settings will be lost and the integration will no longer function
Answer: D
NEW QUESTION 13
After enriching a username using Active Directory, an engineer would like to send an email to the user's manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager's email is returned, but not saved in the context.
How can the engineer save the data so it will be accessible?
- A. Mark ignore output = true
- B. Mark ignore input = true
- C. Use extend-context
- D. Use raw-response = save
Answer: C
NEW QUESTION 14
Which two statements describe how timers are configured to start and stop automatically in a playbook?
(Choose two.)
- A. After the playbook has run, calculate the total time taken and set the timer field with this value
- B. Use a field of Number to count the number of seconds elapsed between two tasks
- C. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on
- D. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer
Answer: A,C
NEW QUESTION 15
Whar are possible war room result (entry) types?
- A. Note, file, error, image
- B. Context, file, error, image
- C. Video, file, error, image
- D. Note, indicator, error, image
Answer: D
NEW QUESTION 16
What is the correct expression to use when filtering only PDF files?
- A. Use File.Extension contains (general) PDF
- B. Use File.Extension that does not equal (string comparison) PDF
- C. Use File.Extension equals (string comparison) PDF
- D. Use File.Name contains PDF
Answer: D
NEW QUESTION 17
How long is the trial period for paid content packs?
- A. 60 days
- B. 14 days
- C. 30 days
- D. 7 days
Answer: C
NEW QUESTION 18
Which two reasons would lead an engineer to create a custom widget? (Choose two.)
- A. To visualize server configuration keys
- B. To visualize a custom query
- C. To visualize complex incident data calculations
- D. To visualize context data
- E. To visualize XSOAR list data
Answer: B,D
NEW QUESTION 19
Which two input requirements are needed to train a machine learning model? (Choose two.)
- A. Verdict Label
- B. 3000 Incidents
- C. Incident Field
- D. Incident Type
Answer: C,D
NEW QUESTION 20
An incident field is created having the display name as Source_IP. How can the field be accessed?
- A. ${incident.sourceip}
- B. ${incident.Source IP}
- C. ${incident.srcip}
- D. ${incident.Source_IP}
Answer: C
NEW QUESTION 21
Which three authentication methods are supported when logging into XSOAR? (Choose three.)
- A. User name and password
- B. Active Directory authentication
- C. RADIUS
- D. SAML
- E. OTP token
Answer: B,C,D
NEW QUESTION 22
Incidents need to be filtered by all of the following criteria:
1.Status - Pending
2.Exclude Category - Job
3.Severity - High
4.Owner - None (No owner assigned)
5.Type - Phishing
6.Email Subject - "You have won a million dollars"
What is the correct query syntax for the above incident search filter?
- A. status:Pending or -category:job or severity:High or owner:"" or type:Phishing or emailsubject:"You have won a million dollars"
- B. Status:Pending and -Category:job and Severity:High and Owner:"" and Type:Phishing and Email Subject:You have won a million dollars
- C. status:Pending and -category:job and severity:High and owner:"" and type:Phishing and emailsubject:"You have won a million dollars"
- D. status=="Pending" && category!="job" && severity=="High" && owner=="None" && type=="Phishing" && emailsubject=="You have won a million dollars"
Answer: C
NEW QUESTION 23
Match the action with the most appropriate playbook task type.
Answer:
Explanation:
Explanation
https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html
NEW QUESTION 24
What are two common use cases for conditional tasks? (Choose two.)
- A. They are used for branching paths in a playbook
- B. They are used to determine which incident will be executed
- C. They are used to interact with users through survey functionality
- D. They are used for sending a specific question to a person or team
Answer: A,B
NEW QUESTION 25
Arrange these steps in the order that they occur during an incident fetch.
Answer:
Explanation:
NEW QUESTION 26
When mapping incoming data to incident fields, which statement is correct?
- A. Classification cannot be used if mapping is enabled
- B. Only text fields are classified
- C. Every incoming field must be mapped
- D. Data that is not mapped is placed under labels
Answer: C
NEW QUESTION 27
Which two options may be added when a content pack is being installed? (Choose two.)
- A. Other content packs
- B. Indicator layouts
- C. Roles
- D. Lists
Answer: C,D
NEW QUESTION 28
How is data transferred between playbook tasks?
- A. Directly from a previous task
- B. Input from the indicator page
- C. Read/Write from context data
- D. Over war room results
Answer: C
NEW QUESTION 29
What can be used as integration parameters?
- A. Token, query, playbook
- B. User-password, csv file, query
- C. URL, certificate, image
- D. URL, API key, port
Answer: D
NEW QUESTION 30
Which two features does XSOAR offer to help recover from a server failure? (Choose two.)
- A. Local backup
- B. Live backup (disaster recovery)
- C. Distributed database
- D. Backup data to XSOAR engines
Answer: B,D
NEW QUESTION 31
Where can engineers add the post-processing scripts to incidents?
- A. Post-processing scripts must be added at the end of playbooks
- B. Post-processing scripts must be added from the Post-Process Rules editor
- C. The post-processing tag must be added to the automation
- D. Post-processing scripts must be added from the Incident Type editor
Answer: D
NEW QUESTION 32
Which method accesses a field called 'User Mail' in a playbook?
- A. ${incident.usermail}
- B. ${usermail}
- C. ${incident.User Mail}
- D. ${incident.UserMail}
Answer: A
NEW QUESTION 33
By default, which components does an XSOAR implementation include?
- A. Application server, distributed DB server
- B. All in one server
- C. Application server, distributed DB server, Backup server
- D. XSOAR server, XSOAR engine
Answer: A
NEW QUESTION 34
Which three support types are included in the Marketplace Content Packs? (Choose three.)
- A. Prisma Cloud supported
- B. Contex XSOAR supported
- C. Partner supported
- D. Customer supported
- E. Community supported
Answer: B,C,E
NEW QUESTION 35
......
Try 100% Updated PCSAE Exam Questions [2022]: https://www.actual4exams.com/PCSAE-valid-dump.html