Palo Alto Networks Certified Security Automation Engineer v1.0

Exam contains 168 questions

Which three statements are true about the Marketplace? (Choose three.)

  • A. Allows reverting back to a previous version of a content pack
  • B. Enables users to participate in the community by sharing content
  • C. Publishes content without additional review from the Cortex XSOAR team
  • D. Allows uploading of content in additional languages
  • E. Offers granularity in installation through content packs


Answer : BCD

What can be added to offload integration instance processing from the main server?

  • A. Database node
  • B. Application server
  • C. Engine
  • D. Development server


Answer : A

Which XSOAR architecture would be recommended for Managed Security Service Providers (MSSP)?

  • A. Multi-region
  • B. Dev-Prod
  • C. Multi-tenant
  • D. Distributed database


Answer : C

Reference:
https://www.ncsi.com/wp-content/uploads/2020/11/cortex-xsoar.pdf

An incident field is created with the display name Source_IP.
How can the field be accessed?

  • A. ${incident.sourceip}
  • B. ${incident.Source_IP}
  • C. ${incident.srcip}
  • D. ${incident.Source IP}


Answer : C

DRAG DROP -
Arrange these steps in the order that they occur during an incident fetch.
Select and Place:



Answer :

An engineer deployed two different instances of Active Directory for each organization site. As part of an account enrichment use case, the engineer would like to delete a user from one specific site.
Which command will accomplish this?

  • A. run 'ad-delete-user' command with 'user-dn' arg and using-brand="Active Directory Query v2"
  • B. run 'ad-delete-user' command with 'user-dn' arg and raw-response=true
  • C. run 'ad-delete-user' command with 'user-dn' arg and ignore-outputs=true
  • D. run 'ad-delete-user' command with 'user-dn' arg and using="Active Directory Query v2_instance_1"


Answer : A

An engineer is developing a playbook that will be run multiple times for testing purposes.
What is the recommended first task to be used in the playbook?

  • A. DeleteContext
  • B. GenerateTest
  • C. PrintContext
  • D. SetContext


Answer : A

Reference:
https://xsoar.pan.dev/docs/integrations/test-playbooks

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

  • A. Process all alerts by running the respective playbook and link related incidents during post-processing
  • B. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together
  • C. Configure a pre-process rule to link related events as they are ingested
  • D. Manually go through the incidents created by the raw events and link related incidents


Answer : A

Which two incident search queries are valid? (Choose two.)

  • A. created:>="7 days"
  • B. owner===admin
  • C. role is Analyst
  • D. status:closed -category:job


Answer : AD

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/how-to-search-in-cortex-xsoar.html

What is the correct expression to use when filtering only PDF files?

  • A. Use File.Extension that does not equal (string comparison) PDF
  • B. Use File.Name contains PDF
  • C. Use File.Extension contains (general) PDF
  • D. Use File.Extension equals (string comparison) PDF


Answer : B

What are possible war room result (entry) types?

  • A. Context, file, error, image
  • B. Note, indicator, error, image
  • C. Video, file, error, image
  • D. Note, file, error, image


Answer : B

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.
What is the main concern when adding these commands?

  • A. The commands must return a proper result to the war room for the analysts to understand
  • B. The code may not be written to XSOAR standards
  • C. The integrations are locked and cannot be edited with additional commands
  • D. The custom integration will not be maintained and updated by XSOAR content team


Answer : C

How is data transferred between playbook tasks?

  • A. Read/Write from context data
  • B. Over war room results
  • C. Input from the indicator page
  • D. Directly from a previous task


Answer : A

A large number of incidents were deleted by mistake.
Which two architecture components can be used to recover the lost data? (Choose two.)

  • A. Live backup
  • B. Engine
  • C. Distributed database
  • D. Local backup


Answer : AB

Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/disaster-recovery-and-live-backup/disaster-recovery-and-backup-overview.html

Which two statements accurately describe layouts? (Choose two.)

  • A. Layouts override classification and mapping
  • B. New tabs can be added to the incident layout
  • C. Layouts can display incident information and custom fields
  • D. Layouts add or remove custom fields from an incident type


Answer : BC
