XSOAR-Engineer by Palo Alto Networks Actual Free Exam Q&As

Question 1

If a known malicious domain is no longer associated with a specific IP address, which action will make the association inactive?.

A. Update the indicator relationship description. B. Expire the IP address indicator. C. Update the relationship type. D. Revoke the relationship.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 2

In which two options can an automation script be executed? (Choose two.)

A. Playbook B. War room C. Engine D. Integration

Discussion 0

Correct Answer: A,B Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 3

An incident field is created having the display name as Source_IP. How can the field be accessed?

A. ${incident.Source_IP} B. ${incident.srcip} C. ${incident.Source IP} D. ${incident.sourceip}

Discussion 0

Correct Answer: B Vote an answer

Question 4

Where would you look to find a personalized view of your own incidents and tasks?

A. Incident Summary View B. My Incidents C. My Dashboard D. My Threat Landscape

Discussion 0

Correct Answer: C Vote an answer

Question 5

Where are incident layouts customized?

A. Settings > Integrations > Instance configuration B. Settings > Object Setup > Indicators > Layouts C. Settings > Object Setup > Incidents > Layouts D. Settings > Advanced > Incident Layouts

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 6

The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?

A. Using a print statement B. Using the demisto.debug() function C. Using the return_error() function D. Using the demisto_error() function

Discussion 0

Correct Answer: B Vote an answer

Question 7

What is the correct expression to use when filtering only PDF files?

A. Use File.Extension contains (general) PDF B. Use File.Extension equals (string comparison) PDF C. Use File.Extension that does not equal (string comparison) PDF D. Use File.Name contains PDF

Discussion 0

Correct Answer: B Vote an answer

Question 8

Which two statements describe how timers are configured to start and stop automatically in a playbook?
(Choose two.)

A. After the playbook has run, calculate the total time taken and set the timer field with this value B. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on C. Use a field of Number to count the number of seconds elapsed between two tasks D. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer

Discussion 0

Correct Answer: B,D Vote an answer

Question 9

What are two primary uses of standard tasks? (Choose two.)

A. To create an incident or escalate an existing incident B. To highlight different paths in a playbook C. To automate tasks such as parsing a file or enriching indicators D. To generate new widgets for a dashboard

Discussion 0

Correct Answer: A,C Vote an answer

Question 10

An administrator has noticed that an integration has failed to fetch incidents. Where would they go to download logs to troubleshoot the error?

A. Settings > About > Troubleshooting > Set Log Level to Debug > Download Logs B. Go to the Marketplace > Download the Fix my XSOAR playbook pack > Run the playbook > Download logs from War Room C. DashboardsandReports > System Health D. Settings > About > System Diagnostics

Discussion 0

Correct Answer: A Vote an answer

Question 11

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

A. Configure a pre-process rule to link related events as they are ingested B. Process all alerts by running the respective playbook and link related incidents during post-processing C. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together D. Manually go through the incidents created by the raw events and link related incidents

Discussion 0

Correct Answer: A Vote an answer

Question 12

Which three options can be defined in the layout settings? (Choose three.)

A. Dynamic sections B. Set of fields to present C. Delete built-in tabs including the war room D. Permission to view the tab based on 'Users' E. Permission to view the tab based on 'Roles'

Discussion 0

Correct Answer: A,B,E Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 13

What is the unique identifier for a note in the incident War Room?.

A. Incident ID. B. Field ID. C. Entry ID. D. Note ID.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 14

What must happen before a pre-process rule can be applied to a potential incident?.

A. Playbook execution. B. Mapping. C. Classification. D. Ingestion.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Question 15

In Cortex XSOAR multi tenant setup, when content from a development server is pushed to the remote repository, where in the production server can the updates be found?

A. Agent tools B. Main Account C. Marketplace D. Tenants

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).

Palo Alto Networks XSOAR Engineer - XSOAR-Engineer Exam Practice Test