palo alto networks pcsae practice test

Question 1

What are two main uses of context data? (Choose two.)

• A. Store incident information in JSON format
• B. Store incident information in XML format
• C. Pass data between playbook tasks
• D. Pass data between to-do tasks

Question 2

After enriching a username using Active Directory, an engineer would like to send an email to the users manager. However,
this functionality is not part of the command output. The engineer checks with raw-response=true and notices that the
managers email is returned, but not saved in the context.
How can the engineer save the data so it will be accessible?

• A. Mark ignore output = true
• B. Use extend-context
• C. Use raw-response = save
• D. Mark ignore input = true

Question 3

Which two reasons would lead an engineer to create a custom widget? (Choose two.)

• A. To visualize server configuration keys
• B. To visualize XSOAR list data
• C. To visualize complex incident data calculations
• D. To visualize context data
• E. To visualize a custom query

Question 4

What is the default task type when creating an empty task?

• A. Standard (Manual)
• B. Conditional
• C. Section header
• D. Standard (Automated)

Question 5

DRAG DROP
Match the corresponding action with the appropriate playbook tasks.
Select and Place:

Question 6

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

• A. In repetitive process flows to iterate for each playbook input
• B. When continuously ingesting incidents from third-party systems
• C. In repetitive process flows with no more than 10 loops
• D. In repetitive processes that requires sub-playbook re-execution

Question 7

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

• A. Create content and add it to the standard content by contributing through the Marketplace
• B. Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
• C. Create a support ticket with the custom content for review by the support team
• D. Any custom content will be automatically uploaded to the content repository

Question 8

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this
dashboard the default dashboard.
How can it be accomplished?

• A. Default Dashboard can be defined by ‘Role’
• B. Use the server configuration key: default.dashboards
• C. Save the dashboard as a widget and apply it to all users
• D. Right click on the dashboard tab and ‘Set as Default’

Question 9

Which two options may be added when a content pack is being installed? (Choose two.)

• A. Lists
• B. Roles
• C. Other content packs
• D. Indicator layouts

Question 10

Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)

• A. In the instance settings, enable the fetch incidents parameter and wait for one minute
• B. Create a one task playbook with a fetch-incident command
• D. execute !-fetch

Question 11

Which three statements are true about the Marketplace? (Choose three.)

• A. Allows reverting back to a previous version of a content pack
• B. Enables users to participate in the community by sharing content
• C. Publishes content without additional review from the Cortex XSOAR team
• D. Allows uploading of content in additional languages
• E. Offers granularity in installation through content packs

Question 12

In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)

• A. Inputs and outputs
• B. Through integration context
• C. Automatically extracted by sub-playbooks
• D. From context data, if context is shared globally

Question 13

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

• A. Python
• B. Perl
• C. Go
• D. JavaScript
• E. Powershell

Question 14

An engineers organization system is registered in the following manner: . The engineer created a new indicator type for
detecting systems using regex. The engineer would now like the username to be created as a separate User indicator
automatically once a system is found.
What is the most efficient way for the engineer to achieve this?

• A. Create a custom indicator field named ‘username’ and link it to the internal system indicator
• B. Change the reputation command for the internal system indicator type
• C. Create a new indicator type of the internal username and set a formatting script to extract only the username
• D. Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Question 15

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.
How would the engineer implement this?

• A. The new job form changes based on the threat intel feed integration configuration
• B. The new job form can be edited from the Indicator Feed incident type editor
• C. The new job form for a threat intel feed job cannot be edited
• D. The new job form can be edited from the threat intel feeds integration settings