Palo Alto Networks PCSAE Exam Practice Test Instant Access

Question 1

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

ADownload the debug log bundle

BPut the XSOAR server in maintenance mode

CView and modify server configuration settings

DExport and import custom content

EView a list of server administrators

Answer : A, B, C

Question 2

How is data transferred between playbook tasks?

ARead/Write from context data

BOver war room results

CInput from the indicator page

DDirectly from a previous task

Answer : A

Question 3

Incidents need to be filtered by all of the following criteria:

1. Status -- Pending

2. Exclude Category -- Job

3. Severity -- High

4. Owner -- None (No owner assigned)

5. Type -- Phishing

6. Email Subject -- ''You have won a million dollars''

What is the correct query syntax for the above incident search filter?

Astatus==''Pending'' && category!=''job'' && severity==''High'' && owner==''None'' && type==''Phishing'' && emailsubject==''You have won a million dollars''

BStatus:Pending and --Category:job and Severity:High and Owner:'''' and Type:Phishing and Email Subject:You have won a million dollars

Cstatus:Pending and --category:job and severity:High and owner:'''' and type:Phishing and emailsubject:''You have won a million dollars''

Dstatus:Pending or --category:job or severity:High or owner:'''' or type:Phishing or emailsubject:''You have won a million dollars''

Answer : C

Question 4

What is the default configuration for indicator auto-extraction when incidents are created?

AInline

BInband

CNone

DOut of band

Answer : A

Question 5

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?

AThe new job form changes based on the threat intel feed integration configuration

BThe new job form can be edited from the Indicator Feed incident type editor

CThe new job form for a threat intel feed job cannot be edited

DThe new job form can be edited from the threat intel feeds integration settings

Answer : B

Question 6

Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

AsetFields

BField mapping

CsetIncident

DLayout inline editing

Answer : B, C

Question 7

A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement?

AManually share the dashboard through user emails

BDashboard is shared to all XSOAR users

CPropagate the dashboard based on SAML authentication

DDashboard is shared to all XSOAR users in a selected role

Answer : D

Palo Alto Networks PCSAE Palo Alto Networks Certified Security Automation Engineer Exam Practice Test