
PCSAE Questions and Answers

Question # 6

In a Cortex XSOAR multi-tenant setup, when content from a development server is pushed to the remote repository, where on the production server can the updates be found?

A. Main Account

B. Tenants

C. Agent tools

D. Marketplace

Question # 7

What are the out-of-the-box aggregate values that can be applied on widgets data?

A. Min, Max, Count, Average, Custom Transformers

B. Min, Max, Count, Average, Custom Group By

C. Count, Average, Sum, Min, Max

D. Count, Sum, Min, Max, Transformers

Question # 8

An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.

Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)

A. Open a ticket with the XSOAR support team

B. Create a pull request directly on GitHub

C. Contribute through the XSOAR UI

D. Send an email to contributions@xsoar.com

Question # 9

Which playbook will a job run by default?

A. The playbook assigned to the incident type

B. The playbook assigned to the indicator type

C. The playbook assigned during pre-processing

D. The playbook assigned by the integration

Question # 10

Given the following context data, what would be the expected output of the expression?

A. 1E56733826E5035233A097FCEA2046AF96EC616C

B. E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD

C. 8D193FA162A305E4859BA8C45F5121F7265E3ABB

D. e6ef5142e2553c1e442a0ffac07636eac61e6edd

Question # 11

What will happen if a playbook debugger is left running for more than 24 hours?

A. By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.

B. The session must be stopped manually by an administrator during 180 minutes; the user will receive a notification automatically.

C. The session will keep running until stopped manually by an administrator.

D. By default, the system automatically closes any debugger session that has been open for 180 minutes.

Question # 12

Which development languages are supported when creating XSOAR automation scripts?

A. C++, Python, PowerShell

B. Ruby, C++, Python

C. JavaScript, PowerShell, C++

D. Python, PowerShell, JavaScript

Question # 13

Which field type should be used to hold more than 60,000 characters of unformatted text?

A. Short Text

B. HTML

C. Long Text

D. Markdown

Question # 14

How is data transferred between playbook tasks?

A. Read/Write from context data

B. Over war room results

C. Input from the indicator page

D. Directly from a previous task

Question # 15

When browsing the Marketplace for new content packs, which details about each pack are you able to view?

A. The integration’s source code

B. A summary of each version history

C. A test instance for the content pack

D. The source code of each playbook

Question # 16

An incident field is created having the display name as Source_IP. How can the field be accessed?

A. ${incident.sourceip}

B. ${incident.Source_IP}

C. ${incident.srcip}

D. ${incident.Source IP}

Question # 17

During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used for?

A. To loop the sub-playbook over all context values present in the investigation

B. To loop the sub-playbook over all incident fields for the given incident

C. To loop the sub-playbook over all the fields marked as important

D. To loop the sub-playbook over all defined sub-playbook inputs

Question # 18

An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?

A. Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.

B. SSH into the server and copy the indicator's database.

C. In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.

D. Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.

Question # 19

Which two components have their own context data? (Choose two.)

A. Sub-playbook

B. Task

C. Field

D. Incident

Question # 20

What is the function of timer SLA fields in Cortex XSOAR?

A. To track SLA breaches per playbook

B. To run a script that executes on SLA assignment

C. To automatically alert the analyst on SLA breach

D. To count the time between one or more tasks

Question # 21

To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?

A. 10,080 minutes (7 days)

B. 20,160 minutes (14 days)

C. 21,600 minutes (15 days)

D. 4,320 minutes (3 days)

Question # 22

What are inputs and outputs in reference to a Playbook Development Lifecycle? (Choose three.)

A. Inputs are data pieces that are present in the playbook

B. Inputs are data pieces that are present in the task

C. Outputs are used as incident trigger for playbook

D. Outputs can be derived from the result of a task or command

E. Inputs are the data fields parsed by the Classifier

Question # 23

After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw-response=true and notices that the manager’s email is returned, but not saved in the context.

How can the engineer save the data so it will be accessible?

A. Mark ignore output = true

B. Use extend-context

C. Use raw-response = save

D. Mark ignore input = true
