palo alto networks PCSAE Exam Questions

Questions for the PCSAE were updated on : Dec 23 ,2024

Page 1 out of 6. Viewing questions 1-15 out of 84

Question 1

How is data transferred between playbook tasks?

  • A. Read/Write from context data
  • B. Over war room results
  • C. Input from the indicator page
  • D. Directly from a previous task
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?

  • A. Contains/Includes
  • B. Equals/Matches
  • C. In/In list
  • D. Is defined/Exist
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 3

When mapping incoming data to incident fields, which statement is correct?

  • A. Data that is not mapped is placed under labels
  • B. Only text fields are classified
  • C. Classification cannot be used if mapping is enabled
  • D. Every incoming field must be mapped
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://xsoar.pan.dev/docs/incidents/incident-classification-mapping

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What is the correct definition regarding integration parameters and command arguments?

  • A. Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
  • B. Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
  • C. Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
  • D. Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://xsoar.pan.dev/docs/tutorials/tut-integration-ui

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

Which method accesses a field called ‘User Mail’ in a playbook?

  • B. ${incident.User Mail}
  • C. ${incident.UserMail}
  • D. ${usermail}
Answer:

A

User Votes:
B
50%
C
50%
D
50%
Discussions
vote your answer:
B
C
D
0 / 1000

Question 6

What is a primary use case of data collection tasks?

  • A. To allow multi-question surveys without authentication restrictions
  • B. To automate tasks such as parsing a file or enriching indicators
  • C. To generate new widgets for a dashboard
  • D. To determine different paths in a playbook
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook-
tasks/communication-tasks/create-a-data-collection-task.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

What does Script helper contain?

  • A. Available commands
  • B. Permission settings
  • C. Automation version history
  • D. Automation timeout configuration
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://xsoar.pan.dev/docs/concepts/xsoar-ide

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 8

What is the difference between labels and fields?

  • A. Fields can be used in playbooks and labels cannot
  • B. Fields are indexed in the database and labels are not
  • C. Labels can be used in queries and fields cannot
  • D. Labels are indexed in the database and fields are not
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

An engineer deployed two different instances of Active Directory for each organization site. As part of account enrichment
use case, the engineer would like to delete a user from one specific site.
Which command will accomplish this?

  • A. run ‘ad-delete-user’ command with ‘user-dn’ arg and using-brand=“Active Directory Query v2”
  • B. run ‘ad-delete-user’ command with ‘user-dn’ arg and raw-response=true
  • C. run ‘ad-delete-user’ command with ‘user-dn’ arg and ignore-outputs=true
  • D. run ‘ad-delete-user’ command with ‘user-dn’ arg and using=“Active Directory Query v2_instance_1”
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

An engineer is developing a playbook that will be run multiple times for testing purposes.
What is the recommended first task to be used in the playbook?

  • A. DeleteContext
  • B. GenerateTest
  • C. PrintContext
  • D. SetContext
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://xsoar.pan.dev/docs/integrations/test-playbooks

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 11

When uploading content, which two options could the upload include? (Choose two.)

  • A. Indicators
  • B. Incidents
  • C. Reports
  • D. Fields
Answer:

A B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 12

DRAG DROP
Match the action with the most appropriate playbook task type.
Select and Place:

Answer:


Explanation:
https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html

Discussions
0 / 1000

Question 13

Given an incident with three files, how could the name of the second file be referenced?

  • A. ${Files.[2].Name}
  • B. ${Files.Name.[2]}
  • C. ${File.[1].Name}
  • D. ${File.Name.[1]}
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 14

What are three different loop types in a playbook? (Choose three.)

  • A. Automation
  • B. Built-in
  • C. Data collection
  • D. Conditional
  • E. For-each
Answer:

C D E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 15

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit
the existing integration by copying the integration and adding the needed commands.
What is the main concern when adding these commands?

  • A. The commands must return a proper result to the war room for the analysts to understand
  • B. The code may not be written to XSOAR standards
  • C. The integrations are locked and cannot be edited with additional commands
  • D. The custom integration will not be maintained and updated by XSOAR content team
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2