
Palo Alto Networks XSOAR-Engineer - Palo Alto Networks XSOAR Engineer

Total 204 questions

Where can engineers add the post-processing scripts to incidents?

A. The post-processing tag must be added to the automation

B. Post-processing scripts must be added at the end of playbooks

C. Post-processing scripts must be added from the Incident Type editor

D. Post-processing scripts must be added from the Post-Process Rules editor

Based on the image below, what is the output when "Test" is clicked?

A. Orange.

B. Blue.

C. Yellow.

D. Red.

A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?

A. -status:closed -category:job type:Phishing created:>="30 days ago"

B. status:closed -category:jobandtype:Phishing created:>="30 days ago"

C. -status:closed -category:jobandtype:Phishing created:<="30 days ago"

D. -status:closed -category:job type:Phishing created:="30 days ago"

What is the default configuration for indicator auto-extraction when incidents are created?

A. Inline

B. Inband

C. None

D. Out of band

Which of the following does an XSOAR Admin need to create an integration with a third-party cloud application?

A. Marketplace access

B. Application with API

C. Private key/Public key integration

D. Multitenant deployment

Which of the following is a basic setting that can be configured in an automation?

A. Summary

B. Compiler

C. Schedule

D. Run On

When creating an incident layout section, it is best to place long field values within which of the following?

A. Section headers

B. Rows

C. Canvas

D. Cards

What happens if both a Classifier and Incident Type are configured in an integration instance's settings?

A. The administrator will receive a notification that there is both a Classifier and Incident Type set for that integration instance.

B. The Incident Type will be ignored, and incoming incidents will be classified according to the Classifier.

C. The Classifier will be ignored, and incoming incidents will be classified according to the Incident Type.

D. Both the Classifier and Incident Type will classify incoming incidents.

Previous playbook tasks have built out the context in the image below.

When specifying ${User.Name} as an input for a sub-playbook task that has the default loop configuration, how many times will the sub-playbook be executed?

A. 0.

B. 1.

C. 3.

D. 4.

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?

A. The new job form changes based on the threat intel feed integration configuration

B. The new job form can be edited from the Indicator Feed incident type editor

C. The new job form for a threat intel feed job cannot be edited

D. The new job form can be edited from the threat intel feeds integration settings