nerdexam
Palo_Alto_Networks

XSOAR-ENGINEER · Question #38

XSOAR-ENGINEER Question #38: Real Exam Question with Answer & Explanation

The correct answer is B. Update. A pre-process rule with the "Update" action preserves matching incidents by updating an existing one instead of creating a new one. This prevents the playbook from being automatically triggered for every match while still retaining the incident data.

Question

Assuming an incident type configuration runs the associated playbook automatically, which pre- process rule action can preserve matching incidents without triggering the playbook?

Options

  • AClose
  • BUpdate
  • CDrop
  • DLink

Explanation

A pre-process rule with the "Update" action preserves matching incidents by updating an existing one instead of creating a new one. This prevents the playbook from being automatically triggered for every match while still retaining the incident data.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full XSOAR-ENGINEER Practice