Palo_Alto_Networks
XSOAR-ENGINEER · Question #40
Question
A playbook loop that interacts with Active Directory for user details (yielding extensive data) is altered to extract newly acquired indicators of compromise (IOCs). This change results in two critical issues:
- Rate limits being hit on integrated reputation services
- Incidents associated with hundreds of indicators

Given the settings below, what would prevent the issues in this use case?

Incident Type: AD-Analysis
- Extract Indicators on Incident Creation: Use System Default (None)
- Extract Indicators on Field Change: Inline

Task 1: ad-get-user
- Mark results as note: False
- Indicator Extract Mode: Inline
- Quiet Mode: False

Task 2: ad-disable-account
- Mark results as note: True
- Indicator Extract Mode: None
- Quiet Mode: True

Task 3: servicenow-update-ticket
- Mark results as note: False
- Indicator Extract Mode: Use System Default
- Quiet Mode: False
Options
- A. Set AD-Analysis incident creation extraction to "Extract specific indicators."
- B. Set ad-get-user indicator extraction mode to None.
- C. Set servicenow-update-ticket indicator extraction mode to Inline.
- D. Disable the feature that allows marking task outputs as notes.