Pre-Winter Special Flat 65% Limited Time Discount offer - Ends in 0d 00h 00m 00s - Coupon code: suredis

Paloalto Networks PCSAE Palo Alto Networks Certified Security Automation Engineer Exam Practice Test

Demo: 23 questions
Total 156 questions

Palo Alto Networks Certified Security Automation Engineer Questions and Answers

Question 1

An engineer would like to present a trend using widgets to compare to a previous week’s data. Which two methods will allow the engineer to meet the requirement? (Choose two.)

Options:

A.

Create widget of type Line, check ‘Display Trend’ and define as 7 days ago

B.

Create a custom widget using a new incident query

C.

Create widget of type Number, check ‘Display Trend’ and define as 7 days ago

D.

Create a custom widget using a script

Question 2

What are the out-of-the-box aggregate values that can be applied on widgets data?

Options:

A.

Min, Max, Count, Average, Custom Transformers

B.

Min, Max, Count, Average, Custom Group By

C.

Count, Average, Sum, Min, Max

D.

Count, Sum, Min, Max, Transformers

Question 3

Which two statements accurately describe layouts? (Choose two.)

Options:

A.

Layouts override classification and mapping

B.

New tabs can be added to the incident layout

C.

Layouts can display incident information and custom fields

D.

Layouts add or remove custom fields from an incident type

Question 4

When uploading content, which two options could the upload include? (Choose two.)

Options:

A.

Indicators

B.

Incidents

C.

Reports

D.

Fields

Question 5

Where can engineers add the post-processing scripts to incidents?

Options:

A.

The post-processing tag must be added to the automation

B.

Post-processing scripts must be added at the end of playbooks

C.

Post-processing scripts must be added from the Incident Type editor

D.

Post-processing scripts must be added from the Post-Process Rules editor

Question 6

Newly created subplaybooks do not have any inputs, or outputs. What is necessary to make them functional? (Choose two.)

Options:

A.

Define input key in the subplaybook task. Map context values to pull from parent playbook.

B.

The output of the previous task automatically becomes the input of the subplaybook.

C.

Map inputs and outputs to the parent playbook and the subplaybook will use the same values.

D.

Open the subplaybook and add inputs or outputs in the Playbook triggered task.

Question 7

In order to automatically run a playbook on the indicators fetched by an integration, what would an XSOAR Administrator setup?

Options:

A.

Cron job

B.

Time triggered job

C.

Feed triggered job

D.

REST API job

Question 8

Which two incident search queries are valid? (Choose two.)

Options:

A.

created:>=”7 days”

B.

owner===admin

C.

role is Analyst

D.

status:closed –category:job

Question 9

An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?

Options:

A.

Create a new indicator type and disable the built-in IP indicator

B.

Edit the regex of the default IP Indicator

C.

Add a new server configuration key that will overwrite the default regex of the IP indicator

D.

Delete the default IP indicator

Question 10

Which development languages are supported when creating XSOAR automation scripts?

Options:

A.

C++, Python, Powershell

B.

Ruby, C++, Python

C.

Javascript, Powershell, C++

D.

Python, Powershell, Javascript

Question 11

After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context.

How can the engineer save the data so it will be accessible?

Options:

A.

Mark ignore output = true

B.

Use extend-context

C.

Use raw-response = save

D.

Mark ignore input = true

Question 12

An analyst wants to run a script to remove usernames from an incident before the incident becomes active in XSOAR. How can this be achieved?

Options:

A.

Run an automation script in the Playground to remove usernames from the incident.

B.

Create a pre-processing rule that runs an automation script to remove usernames from the incident as it comes into XSOAR.

C.

Run an automation script on the XSOAR server to remove usernames from the incident.

D.

Create a playbook task to remove the usernames from the incident.

Question 13

Which component can be part of a load balancing group?

Options:

A.

Distributed database

B.

D2 agent

C.

Engine

D.

Load balancing server

Question 14

Match the operations with the appropriate context.

Options:

Question 15

An engineer is developing a playbook that will be run multiple times for testing purposes. What is the recommended first task to be used in the playbook?

Options:

A.

DeleteContext

B.

GenerateTest

C.

PrintContext

D.

SetContext

Question 16

Which three support types are included in the Marketplace Content Packs? (Choose three.)

Options:

A.

Customer supported

B.

Contex XSOAR supported

C.

Community supported

D.

Partner supported

E.

Prisma Cloud supported

Question 17

What happens when an integration is deprecated?

Options:

A.

The integration commands in a playbook can no longer be used

B.

The integration commands can be used, but it is recommended to update to the latest content pack

C.

The configuration settings will be lost and the integration will no longer function

D.

The integration commands in a playbook can be used, but it will fail at runtime

Question 18

Which option is available in XSOAR to create the body of a Threat Intel Report?

Options:

A.

Markdown

B.

Grid Fields

C.

DOC format

D.

Javascript

Question 19

What is a primary use case of data collection tasks?

Options:

A.

To allow multi-QUESTION NO: surveys without authentication restrictions

B.

To automate tasks such as parsing a file or enriching indicators

C.

To generate new widgets for a dashboard

D.

To determine different paths in a playbook

Question 20

Given the following context data, what would be the expected output of the expression?

Options:

A.

1E56733826E5035233A097FCEA2046AF96EC616C

B.

E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD

C.

8D193FA162A305E4859BA8C45F5121F7265E3ABB

D.

e6ef5142e2553c1e442a0ffac07636eac61e6edd

Question 21

Where are incident layouts customized?

Options:

A.

Settings > Object Setup > Incidents > Layouts

B.

Settings > Integrations > Instance configuration

C.

Settings > Object Setup > Indicators > Layouts

D.

Settings > Advanced > Incident Layouts

Question 22

When creating a new tab in the layout, which section cannot be added?

Options:

A.

Retrieve widget chart based on script

B.

Related incidents

C.

War room entries picked by entry query

D.

Incident team members

Question 23

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

Options:

A.

In repetitive process flows to iterate for each playbook input

B.

When continuously ingesting incidents from third-party systems

C.

In repetitive process flows with no more than 10 loops

D.

In repetitive processes that requires sub-playbook re-execution

Demo: 23 questions
Total 156 questions