New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Paloalto Networks > Palo Alto Certifications and Accreditations > PCSAE

PCSAE Palo Alto Networks Certified Security Automation Engineer Question and Answers

Question # 4

Match the corresponding action with the appropriate playbook tasks.

Full Access
Question # 5

Which of the following is a prerequisite to editing out-of-the-box (OOTB) content?

A.

Download the content from the Marketplace.

B.

Go to Settings > About >Troubleshooting and set a flag to allow custom content.

C.

Register a user account with support.paloaltonetworks.com .

D.

Detach the content item you want to edit from the Marketplace.

Full Access
Question # 6

Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)

A.

Define input key in the subplaybook task. Map context values to pull from parent playbook.

B.

The output of the previous task automatically becomes the input of the subplaybook.

C.

Map inputs and outputs to the parent playbook and the subplaybook will use the same values.

D.

Open the subplaybook and add inputs or outputs in the Playbook triggered task.

Full Access
Question # 7

Which of the following are valid methods to contribute custom content? (Choose three.)

A.

Submit content directly through feature requests

B.

Private GitHub repository submission for premium content

C.

A Github pull request on the public XSOAR Content Repository

D.

Using the marketplace interface to upload the content

E.

Using the content submission tool on live.paloaltonetworks.com

Full Access
Question # 8

Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)

A.

When creating incidents from the XSOAR REST API

B.

When manually creating an incident from the UI

C.

When adding a new analyst account to XSOAR

D.

When fetching many different incident types from a single mailbox

Full Access
Question # 9

When browsing the Marketplace for new content packs, which details about each pack are you able to view?

A.

The integration’s source code

B.

A summary of each version history

C.

A test instance for the content pack

D.

The source code of each playbook

Full Access
Question # 10

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

A.

Process all alerts by running the respective playbook and link related incidents during post-processing

B.

Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together

C.

Configure a pre-process rule to link related events as they are ingested

D.

Manually go through the incidents created by the raw events and link related incidents

Full Access
Question # 11

Select the correct incident life cycle on XSOAR.

A.

Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing

B.

Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing

C.

Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing

D.

Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

Full Access
Question # 12

What is used to trigger playbooks automatically based on the classification of an incident?

A.

Indicator type

B.

Incoming mapper

C.

Incident types

D.

Integration configuration

Full Access
Question # 13

Which of the following does a XSOAR Admin need to create an integration with a third party cloud application?

A.

Marketplace access

B.

Application with API

C.

Private key/Public key integration

D.

Multitenant deployment

Full Access
Question # 14

Incidents need to be filtered by all of the following criteria:

1.Status – Pending

2.Exclude Category – Job

3.Severity – High

4.Owner – None (No owner assigned)

5.Type – Phishing

6.Email Subject – “You have won a million dollars”

What is the correct query syntax for the above incident search filter?

A.

status==“Pending“ && category!=”job” && severity==”High” && owner==”None” && type==”Phishing” && emailsubject==”You have won a million dollars”

B.

Status:Pending and –Category:job and Severity:High and Owner:”” and Type:Phishing and Email Subject:You have won a million dollars

C.

status:Pending and –category:job and severity:High and owner:”” and type:Phishing and emailsubject:”You have won a million dollars”

D.

status:Pending or –category:job or severity:High or owner:”” or type:Phishing or emailsubject:”You have won a million dollars”

Full Access
Question # 15

An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

A.

Create a custom indicator field named ‘username’ and link it to the internal system indicator

B.

Change the reputation command for the internal system indicator type

C.

Create a new indicator type of the internal username and set a formatting script to extract only the

username

D.

Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Full Access
Question # 16

Which XSOAR architecture would be recommended for Managed Security Service Providers (MSSP)?

A.

Multi-region

B.

Dev-Prod

C.

Multi-tenant

D.

Distributed database

Full Access
Question # 17

What is the default task type when creating an empty task?

A.

Standard (Manual)

B.

Conditional

C.

Section header

D.

Standard (Automated)

Full Access
Question # 18

Which of the following is a feature of XSOAR automations?

A.

can run on multiple docker containers

B.

can be set to run on a scheduled basis in the automation settings

C.

can be password protected

D.

can be written in C++

Full Access
Question # 19

Which two incident search queries are valid? (Choose two.)

A.

created:>=”7 days”

B.

owner===admin

C.

role is Analyst

D.

status:closed –category:job

Full Access
Question # 20

For troubleshooting, after a log bundle is created, where do the logs appear on the XCSOAR server?

A.

/var/lib/demisto

B.

/tmp/log/demisto

C.

/usr/local/demisto

D.

/var/log/demisto

Full Access
Question # 21

Which of the following is a basic setting that can be configured in an automation?

A.

Summary

B.

Compiler

C.

Schedule

D.

Run On

Full Access
Question # 22

Which configuration is a valid distributed database (DB) implementation?

A.

2 main DBs, 1 application server, 2 node servers

B.

1 main DB, 1 application server, 3 node servers

C.

2 application servers, 1 main DB, 1 node server

D.

1 application server, 2 main DBs, 1 node server

Full Access