Free PCSAE Sample Questions — Palo Alto Networks Certified Security Automation Engineer

Which of these would be the most operationally efficient repository for moving XSOAR custom content from a development server to a production environment?

• A. content repository specified in the Marketplace
• B. Remote git repository specified in the dev-prod configuration parameters
• C. The development server's default repository
• D. Cortex XSOAR public content repository

Which field type should be used to hold more than 60,000 characters of unformatted text?

• A. Short Text
• B. HTML
• C. Long Text
• D. Markdown

Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)

• A. Add a distributed database server
• B. Add an indexing server
• C. Add a live backup server (disaster recovery)
• D. Add an engine

What is the function of timer SLA fields in Cortex XSOAR?

• A. To track SLA breaches per playbook
• B. To run a script that executes on SLA assignment
• C. To automatically alert the analyst on SLA breach
• D. To count the time between one or more tasks

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

• A. Process all alerts by running the respective playbook and link related incidents during post-processing
• B. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together
• C. Configure a pre-process rule to link related events as they are ingested
• D. Manually go through the incidents created by the raw events and link related incidents

Which component can be part of a load balancing group?

• A. Distributed database
• B. D2 agent
• C. Engine
• D. Load balancing server

When creating an automation in XSOAR, what is the best way to create a log message?

• A. Using a debug statement
• B. Using the demisto.debug() function
• C. Using a print statement
• D. Using the demisto.results() function

What is the default task type when creating an empty task?

• A. Standard (Manual)
• B. Conditional
• C. Section header
• D. Standard (Automated)

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?

• A. The new job form changes based on the threat intel feed integration configuration
• B. The new job form can be edited from the Indicator Feed incident type editor
• C. The new job form for a threat intel feed job cannot be edited
• D. The new job form can be edited from the threat intel feeds integration settings

Which field type provides an interactive and editable display of table-based data?

• A. HTML
• B. Grid (table)
• C. Markdown
• D. Multi Select

Which two components have their own context data? (Choose two.)

• A. Sub-playbook
• B. Task
• C. Field
• D. Incident

When uploading content, which two options could the upload include? (Choose two.)

• A. Indicators
• B. Incidents
• C. Reports
• D. Fields

Which two functions in XSOAR are incident types used for? (Choose two.)

• A. To run dedicated playbooks for different event types
• B. To classify events ingested from various sources into the relevant types
• C. To classify indicators extracted in XSOAR incidents to their respective types
• D. To facilitate role based access to XSOAR incidents

Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)

• A. setFields
• B. Field mapping
• C. setIncident
• D. Layout inline editing

What will happen if a playbook debugger is left running for more than 24 hours?

• A. By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes
• B. The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically
• C. The session will be running till stopped manually by administrator
• D. By default, the system closes automatically any debugger session that have been open 180 minutes

During the regular maintenance of XSOAR a customer noticed that there was an update available for the Active Directory content pack (current version 1.4.6) and updated the content pack to the latest version (version 1.4.11). However, after the update the customer noticed that the Active Directory Query integration is not working properly and asked you to resolve the issue. Which of the following set of steps can help to resolve the issue?

• A. a) Navigate to Settings b) View the configured integrations and select Active Directory Authentication c) Delete all integration instances and add all integration instances again
• B. a) Navigate to Marketplace b) View the installed content pack and select Active Directory content pack c) Select version 1.4.6 and click on "Revert to this version"
• C. a) Navigate to Settings b) View the configured integrations and select Active Directory Query c) Delete all integration instances and add all integration instances again
• D. a) Navigate to Marketplace b) View the installed content pack and select Active Directory content pack c) Click on uninstall content pack d) Navigate to Marketplace browser and reinstall the Active Directory content pack

Which option is available in XSOAR to create the body of a Threat Intel Report?

• A. Markdown
• B. Grid Fields
• C. DOC format
• D. Javascript

Which two options may be added when a content pack is being installed? (Choose two.)

• A. Lists
• B. Roles
• C. Other content packs
• D. Indicator layouts

Which of the following is a feature of XSOAR automations?

• A. can run on multiple docker containers
• B. can be set to run on a scheduled basis in the automation settings
• C. can be password protected
• D. can be written in C++

What is an example of a generic reputation command?

• A. !ip
• B. !getReputation
• C. !reputation
• D. !enrichIndicator