Palo Alto Networks XSOAR-Engineer Exam Questions Instant Access

Question 1

What are two primary uses of standard tasks? (Choose two.)

ATo highlight different paths in a playbook

BTo generate new widgets for a dashboard

CTo create an incident or escalate an existing incident

DTo automate tasks such as parsing a file or enriching indicators

Answer : C, D

Question 2

What is the correct definition regarding integration parameters and command arguments?

AParameters are global variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.

BParameters are local variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.

CParameters are local variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.

DParameters are global variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.

Answer : D

Question 3

How can Cortex XSOAR administrators prevent junior analysts from viewing a senior analyst dashboard?

AShare the dashboard in Read and Edit mode for senior analysts.

BShare the dashboard in Read & Edit mode for senior analysts and Read Only for juniors analysts.

CShare the dashboard in Read and Write mode for senior analysts.

DShare the dashboard in Read Only mode for junior analysts and senior analysts.

Answer : B

Question 4

An engineer's organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate 'User' indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

ACreate a custom indicator field named 'username' and link it to the internal system indicator

BChange the reputation command for the internal system indicator type

CCreate a new indicator type of the internal username and set a formatting script to extract only the
username

DCreate a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Answer : C

Question 5

What can be added to offload integration instance processing from the main server?

ADatabase node

BApplication server

CEngine

DDevelopment server

Answer : A

Question 6

What can you use to assign a layout, field, and playbook to an incoming incident?

APlaybook

BClassification and mapping

CIncident type

DPre-processing

Answer : B

Question 7

An incident field is created having the display name as Source_IP. How can the field be accessed?

A${incident.sourceip}

B${incident.Source_IP}

C${incident.srcip}

D${incident.Source IP}

Answer : C

Palo Alto Networks XSOAR Engineer XSOAR-Engineer Exam Questions