
Pass the Palo Alto Networks Palo Alto Certifications and Accreditations PCSAE Questions and Answers with ValidTests


Viewing page 1 out of 5 pages
Viewing questions 1-10 out of questions
Questions # 1:

How long is the trial period for paid content packs?

Options:

A. 30 days

B. 14 days

C. 7 days

D. 60 days

Questions # 2:

An analyst runs the following command in a playbook task:

!ip ip=1.1.1.1

Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?

Options:

A. Synchronous

B. Extract

C. Out of band

D. Inline

Questions # 3:

Where would you look to find a personalized view of your own incidents and tasks?

Options:

A. Incident Summary View

B. My Incidents

C. My Threat Landscape

D. My Dashboard

Questions # 4:

An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

Options:

A. Create a custom indicator field named ‘username’ and link it to the internal system indicator

B. Change the reputation command for the internal system indicator type

C. Create a new indicator type of the internal username and set a formatting script to extract only the username

D. Create a new indicator type of the internal username and have the regex included on any string that has a dash at the beginning

Questions # 5:

During the regular maintenance of XSOAR a customer noticed that there was an update available for the Active Directory content pack (current version 1.4.6) and updated the content pack to the latest version (version 1.4.11). However, after the update the customer noticed that the Active Directory Query integration is not working properly and asked you to resolve the issue.

Which of the following sets of steps can help to resolve the issue?

Options:

A. Navigate to Settings. View the configured integrations and select Active Directory Authentication. Delete all integration instances and add all integration instances again.

B. Navigate to Marketplace. View the installed content pack and select Active Directory content pack. Select version 1.4.6 and click on "Revert to this version".

C. Navigate to Settings. View the configured integrations and select Active Directory Query. Delete all integration instances and add all integration instances again.

D. Navigate to Marketplace. View the installed content pack and select Active Directory content pack. Click on uninstall content pack. Navigate to Marketplace browser and reinstall the Active Directory content pack.

Questions # 6:

An analyst wants to run a script to remove usernames from an incident before the incident becomes active in XSOAR. How can this be achieved?

Options:

A. Run an automation script in the Playground to remove usernames from the incident.

B. Create a pre-processing rule that runs an automation script to remove usernames from the incident as it comes into XSOAR.

C. Run an automation script on the XSOAR server to remove usernames from the incident.

D. Create a playbook task to remove the usernames from the incident.

Questions # 7:

In order to automatically run a playbook on the indicators fetched by an integration, what would an XSOAR Administrator set up?

Options:

A. Cron job

B. Time triggered job

C. Feed triggered job

D. REST API job

Questions # 8:

What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

Options:

A. Process all alerts by running the respective playbook and link related incidents during post-processing

B. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together

C. Configure a pre-process rule to link related events as they are ingested

D. Manually go through the incidents created by the raw events and link related incidents

Questions # 9:

Who is permitted to create and submit content to the Marketplace?

Options:

A. Only users with a valid GitHub account

B. Any user who has signed up through the dev portal

C. Any user who has a live.paloaltonetworks.com account

D. All users with the correct XSOAR Role and Permissions

Questions # 10:

What can be added to offload integration instance processing from the main server?

Options:

A. Database node

B. Application server

C. Engine

D. Development server
