Palo Alto Networks PCSAE Exam Questions Instant Access

Question 1

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

ADownload the debug log bundle

BPut the XSOAR server in maintenance mode

CView and modify server configuration settings

DExport and import custom content

EView a list of server administrators

Answer : A, B, C

Question 2

When mapping incoming data to incident fields, which statement is correct?

AData that is not mapped is placed under labels

BOnly text fields are classified

CClassification cannot be used if mapping is enabled

DEvery incoming field must be mapped

Answer : A

Question 3

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

Atype:File reputation:Malicious sourcetimestamp:'30 days ago'

Btype:File verdict:Malicious sourcetimestamp:<='30 days ago'

Ctype:File reputation:Malicious sourcetimestamp:='30 days ago'

Dtype:File verdict:Malicious sourcetimestamp:>='30 days ago'

Answer : A

Question 4

Which development languages are supported when creating XSOAR automation scripts?

AC++, Python, Powershell

BRuby, C++, Python

CJavascript, Powershell, C++

DPython, Powershell, Javascript

Answer : D

Question 5

In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.)

AThe audit log

BThe log bundle

CThe source code for an integration

DThe error message returned directly below the button

EThe playground war room

Answer : B, C, D

Question 6

Which component can be part of a load balancing group?

ADistributed database

BD2 agent

CEngine

DLoad balancing server

Answer : C

Question 7

Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017-11882. This vulnerability affects applications installed on workstations. The SOC team needs to take action and apply the new vulnerability patch that was just released. The team must first create a cause for each of the identified assets in ServiceNow IT Service Management (ITSM), in order to notify the IT department. Next, the team creates a task in the main playbook, which extracts the list of assets from the scanner report.

After the list of assets are created, what are the two solutions that the SOC team could take so that a case could be created and a patch installed? (Choose two.)

ACreate a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual -- Exit on yes -- left:1, right 1) and perform the following tasks:
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

BCreate a sub-playbook with a single input containing the computer names that will loop 'For Each Input' and perform the following tasks:
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

CSet a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

DSet a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of item in the list) and perform the following tasks:
- Increase the iterator value by one each time
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

Answer : B, D

Palo Alto Networks Certified Security Automation Engineer PCSAE Exam Questions