PCSAE Exam Questions
173 real PCSAE exam questions with expert-verified answers and explanations. Page 2 of 4.
- Question #56
A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement?
- Question #57
Which two methods will allow data to be saved in incident fields within a playbook? (Choose two.)
- Question #58
Which built-in automation/command can be used to change an incident's type?
- Question #59
An engineer notices that playbooks only start once the user clicks the 'investigate' button and he/she would like the playbook to start automatically. How can this be implemented?
- Question #60
Where is incident data stored?
- Question #61
If disk use is 45%, which color is the disk status indicator on the System Health dashboard?
- Question #62
What are two sources of alert enrichment for Cortex XSOAR? (Choose two.)
- Question #63
Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)
- Question #64
How long is the trial period for paid content packs?
- Question #65
Which three support types are included in the Marketplace Content Packs? (Choose three.)
- Question #66
Which three authentication methods are supported when logging into XSOAR? (Choose three.)
- Question #67
Which two components have their own context data? (Choose two.)
- Question #68
What are two main uses of context data? (Choose two.)
- Question #69
Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017-11882. This vulnerability affects applications installed on workstations. The SOC t...
- Question #70
When creating a new tab in the layout, which section cannot be added?
- Question #71
Which type of task is used to interact with users through a survey?
- Question #72
Mapping of threat intel feeds enables which two abilities? (Choose two.)
- Question #73
Where can the entire history of group interactions involving an attack response be seen?
- Question #74
Which two capabilities do Automation script settings include? (Choose two.)
- Question #75
What is a primary use case of data collection tasks?
- Question #76
In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.)
- Question #77
In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)
- Question #78
By default, which components does an XSOAR implementation include?
- Question #79
Which three statements are true about the Marketplace? (Choose three.)
- Question #80
Which command is used to retrieve lists to use in a playbook task?
- Question #81
Which is the default global registry for Docker?
- Question #82
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
- Question #83
After enriching a username using Active Directory, an engineer would like to send an email to the user's manager. However, this functionality is not part of the command output. The...
- Question #84
Where can engineers add the post-processing scripts to incidents?
- Question #85
An engineer would like to present a trend using widgets to compare to a previous week's dat
- Question #86
What happens when an integration is deprecated?
- Question #87
Which investigation element is best suited for collaboration among users?
- Question #88
Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)
- Question #89
What can be added to offload integration instance processing from the main server?
- Question #90
Which XSOAR architecture would be recommended for Managed Security Service Providers (MSSP)?
- Question #91
An incident field is created having the display name as Source_IP. How can the field be accessed?
- Question #92
An engineer deployed two different instances of Active Directory for each organization site. As part of account enrichment use case, the engineer would like to delete a user from o...
- Question #93
An engineer is developing a playbook that will be run multiple times for testing purposes. What is the recommended first task to be used in the playbook?
- Question #94
What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?
- Question #95
While testing a custom integration, an XSOAR engineer noticed that the incident fetch interval is missing. How can this be fixed?
- Question #96
What is the default landing page for a new user in XSOAR?
- Question #97
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?
- Question #98
Which development languages are supported when creating XSOAR automation scripts?
- Question #99
What will happen if a playbook debugger is left running for more than 24 hours?
- Question #100
You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?
- Question #101
What is the default configuration for indicator auto-extraction when incidents are created?
- Question #102
What are the out-of-the-box aggregate values that can be applied on widgets data?
- Question #103
What assigns newly ingested event attributes to incident fields?
- Question #104
The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?
- Question #105
An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below: The organization want...