Paloalto Networks PCSAE Real Exam Questions
The questions for PCSAE were last updated at Dec 19,2024.
- Exam Code: PCSAE
- Exam Name: Palo Alto Networks Certified Security Automation Engineer
- Certification Provider: Paloalto Networks
- Latest update: Dec 19,2024
Question #11
Your customer requires a field on the worksheet where planners can select from a list to categorize the reason for the employee receiving a lump sum.
How can you achieve this?
- A . Create a read-only string field and make it reloadable
- B . Create an editable string field and make it reportable
- C . Create a read-only string field and make it reportable
- D . Create an editable string field with enumerated values
Correct Answer: D
Question #2
Email Subject C “You have won a million dollars”
What is the correct query syntax for the above incident search filter?
- A . status==“Pending“ && category!=”job” && severity==”High” && owner==”None” && type==”Phishing” && emailsubject==”You have won a million dollars”
- B . Status:Pending and CCategory:job and Severity:High and Owner:”” and Type:Phishing and Email Subject:You have won a million dollars
- C . status:Pending and Ccategory:job and severity:High and owner:”” and type:Phishing and emailsubject:”You have won a million dollars”
- D . status:Pending or Ccategory:job or severity:High or owner:”” or type:Phishing or emailsubject:”You have won a million dollars”
Correct Answer: C
C
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/cortex-xsoar- overview/how-to-search-in-cortex-xsoar.html#idcd7fe505-c1c1-42f5-a698-08b5710196d3
C
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/cortex-xsoar- overview/how-to-search-in-cortex-xsoar.html#idcd7fe505-c1c1-42f5-a698-08b5710196d3
Question #3
How is data transferred between playbook tasks?
- A . Read/Write from context data
- B . Over war room results
- C . Input from the indicator page
- D . Directly from a previous task
Correct Answer: A
Question #4
How would context data be filtered to receive only malicious indicator values with DBotScore?
- A . Get DBotScore.value where DBotScore.Score (Larger or equals) 4
- B . Get DBotScore.value where DBotScore.Score (equals (int)) 3
- C . Get DBotScore where DBotScore.Score (Larger than) 1
- D . Get DBotScore where DBotScore.Score (Larger or equals) 2
Correct Answer: B
B
Explanation:
Reference: https://github.com/demisto/content/blob/master//Packs/DeprecatedContent/Integrations/PaloAlto_MineMeld/README.md
B
Explanation:
Reference: https://github.com/demisto/content/blob/master//Packs/DeprecatedContent/Integrations/PaloAlto_MineMeld/README.md
Question #5
Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)
- A . Run Command, Export, and Close and Delete for all selected incidents regardless of their status
- B . Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status
- C . Run Command for all selected incidents having Active status
- D . Export incidents as JSON and change incident status
Correct Answer: A,B
Question #6
Which of the following is a feature of XSOAR automations?
- A . can run on multiple docker containers
- B . can be set to run on a scheduled basis in the automation settings
- C . can be password protected
- D . can be written in C++
Correct Answer: C
Question #7
Reliability scores in XSOAR range from A through F.
What do A and F stand for?
- A . F – Reliability cannot be judged, A – Completely Reliable
- B . F – Not reliable, A – Usually Reliable
- C . F – Not usually reliable, A – Fairly Reliable
- D . F – Unreliable, A – Completely Reliable
Correct Answer: A
Question #8
Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)
- A . Create content and add it to the standard content by contributing through the Marketplace
- B . Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
- C . Create a support ticket with the custom content for review by the support team
- D . Any custom content will be automatically uploaded to the content repository
Correct Answer: A,B
Question #9
Where can engineers add the post-processing scripts to incidents?
- A . The post-processing tag must be added to the automation
- B . Post-processing scripts must be added at the end of playbooks
- C . Post-processing scripts must be added from the Incident Type editor
- D . Post-processing scripts must be added from the Post-Process Rules editor
Correct Answer: C
Question #9
Where can engineers add the post-processing scripts to incidents?
- A . The post-processing tag must be added to the automation
- B . Post-processing scripts must be added at the end of playbooks
- C . Post-processing scripts must be added from the Incident Type editor
- D . Post-processing scripts must be added from the Post-Process Rules editor
Correct Answer: C