PCSAE Exam Questions
173 real PCSAE exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #106
A playbook task generates a report as HTML in the context data. An engineer creates a custom indicator field of type "HTML" and adds the field to a section in a custom indicator la...
- Question #107
What are the three ways to add/mark entries as evidence inside the Evidence Board? (Choose three.)
- Question #108
Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?
- Question #109
Which playbook will a job run by default?
- Question #110
Which of the following is a feature of XSOAR automations?
- Question #111
An administrator wants to send an email via the Mail Sender integration. Which of the following out of the box methods would be used for that?
- Question #112
When is the post-processing script executed in XSOAR?
- Question #113
Which option is available in XSOAR to create the body of a Threat Intel Report?
- Question #114
Given the following context data, what would be the expected output of the expression?
- Question #115
Where are incident layouts customized?
- Question #116
How can Cortex XSOAR administrators prevent junior analysts from viewing a senior analyst dashboard?
- Question #117
Which content type cannot be managed using remote repositories?
- Question #118
An analyst wants to run a script to remove usernames from an incident before the incident becomes active in XSOAR. How can this be achieved?
- Question #119
Which task type would be used to verify/check that an integration was enabled?
- Question #120
What is used to trigger playbooks automatically based on the classification of an incident?
- Question #121
After executing the DeleteContext automation with the all=yes argument, how would the context data of an incident present?
- Question #122
An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indic...
- Question #123
An administrator has noticed that an incident fetch has failed, causing several internal workflows to be backed up. The administrator would like to receive notifications the next t...
- Question #124
An analyst runs the following command in a playbook task: !ip ip=1.1.1.1 Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract...
- Question #125
Threat Intel search queries can be shared with which of the following? (Select 1)
- Question #126
An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing". Which command should they enter in the War Room CLI?
- Question #127
Select the correct incident life cycle on XSOAR.
- Question #128
Which of the following does an XSOAR Admin need to create an integration with a third party cloud application?
- Question #129
Which of the following is a prerequisite to editing out-of-the-box (OOTB) content?
- Question #130
At what stage during the incident lifecycle is an incident type assigned?
- Question #131
What can you use to assign a layout, field, and playbook to an incoming incident?
- Question #132
For troubleshooting, after a log bundle is created, where do the logs appear on the XSOAR server?
- Question #133
Which three types of information are displayed on the incident Quick View? (Choose three.)
- Question #134
Where do you navigate to monitor and improve the system performance and resilience for hosts in a multitenant environment?
- Question #135
When creating an automation in XSOAR, what is the best way to create a log message?
- Question #136
What is an example of a generic reputation command?
- Question #137
During the regular maintenance of XSOAR a customer noticed that there was an update available for the Active Directory content pack (current version 1.4.6) and updated the content...
- Question #138
When developing the playbook, which of the following can be used by an XSOAR Administrator?
- Question #139
Which field type provides an interactive and editable display of table-based data?
- Question #140
What is the function of timer SLA fields in Cortex XSOAR?
- Question #141
What are inputs and outputs in reference to a Playbook Development Lifecycle? (Choose three.)
- Question #142
Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)
- Question #143
An administrator has noticed that an integration has failed to fetch incidents. Where would they go to download logs to troubleshoot the error?
- Question #144
In a Cortex XSOAR multi-tenant setup, when content from a development server is pushed to the remote repository, where in the production server can the updates be found?
- Question #145
To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for ind...
- Question #146
When browsing the Marketplace for new content packs, which details about each pack are you able to view?
- Question #147
A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?
- Question #148
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used for?
- Question #149
What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)
- Question #150
Which of these would be the most operationally efficient repository for moving XSOAR custom content from a development server to a production environment?
- Question #151
Where would you look to find a personalized view of your own incidents and tasks?
- Question #152
Which of the following is a basic setting that can be configured in an automation?
- Question #153
Which of the following are valid methods to contribute custom content? (Choose three.)
- Question #154
What does the outgoing mapper support?
- Question #155
What happens if both a Classifier and Incident Type are configured in an integration instance's settings?