PCSAE Exam Questions
173 real PCSAE exam questions with expert-verified answers and explanations. Page 1 of 4.
- Question #1
Which two incident search queries are valid? (Choose two.)
- Question #2
What is the correct expression to use when filtering only PDF files?
- Question #3
Whar are possible war room result (entry) types?
- Question #4
An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and a...
- Question #5
How is data transferred between playbook tasks?
- Question #6
A large number of incidents were deleted by mistake. Which two architecture components can be used to recover the lost data? (Choose two.)
- Question #7
Which two statements accurately describe layouts? (Choose two.)
- Question #8
An engineer's organization system is registered in the following manner: <SiteName-SystemID-Username>. The engineer created a new indicator type for detecting systems using regex....
- Question #9
Which two options are the most effective for moving content between two environments? (Choose two.)
- Question #10
Which three options can be defined in the layout settings? (Choose three.)
- Question #11
What can be used as integration parameters?
- Question #12
Which two features does XSOAR offer to help recover from a server failure? (Choose two.)
- Question #13
When uploading content, which two options could the upload include? (Choose two.)
- Question #14
An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard. How can it be accomplished?
- Question #15
How would context data be filtered to receive only malicious indicator values with DBotScore?
- Question #16
Can an automation script execute an integration command and an integration command execute an automation script?
- Question #17
Which two options will troubleshoot an integration's fetch incidents command? (Choose two.)
- Question #18
Incidents need to be filtered by all of the following criteria: 1. Status - Pending 2. Exclude Category - Job 3. Severity - High 4. Owner - None (No owner assigned) 5. Type - Phish...
- Question #19
What does Script helper contain?
- Question #20
When mapping incoming data to incident fields, which statement is correct?
- Question #21
Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)
- Question #22
Which two options may be added when a content pack is being installed? (Choose two.)
- Question #23
What are two primary uses of standard tasks? (Choose two.)
- Question #24
An engineer would like to change an incident's SLA according to the severity field changes. How can the engineer achieve this task?
- Question #25
What are three different loop types in a playbook? (Choose three.)
- Question #26
What are two common use cases for conditional tasks? (Choose two.)
- Question #27
An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?
- Question #28
In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)
- Question #29
Which configuration is a valid distributed database (DB) implementation?
- Question #30
An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?
- Question #31
An automation returned an output called: csvReport. What filter would be used to check if the automation returned results?
- Question #32
What is the difference between labels and fields?
- Question #33
What is the default task type when creating an empty task?
- Question #34
Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)
- Question #35
In which two options can an automation script be executed? (Choose two.)
- Question #36
By default, automation written in which language will be executed in a Docker container?
- Question #37
What is the correct definition regarding integration parameters and command arguments?
- Question #38
In which two locations can filters and transformers be used in XSOAR? (Choose two.)
- Question #39
Which three actions can an engineer take on the troubleshooting page? (Choose three.)
- Question #40
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users. Which two options are available to the Engineer for c...
- Question #41
Which two input requirements are needed to train a machine learning model? (Choose two.)
- Question #42
Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)
- Question #43
Management would like to get an incident report automatically following an incident's closure. How would this be accomplished?
- Question #44
Which two reasons would lead an engineer to create a custom widget? (Choose two.)
- Question #50
How do incidents relate to indicators?
- Question #51
In Cortex XSOAR, what do integrations do?
- Question #52
Which two advanced attributes can be applied to incident fields when editing? (Choose two.)
- Question #53
Given an incident with three files, how could the name of the second file be referenced?
- Question #54
Which component can be part of a load balancing group?
- Question #55
Which method accesses a field called `User Mail' in a playbook?