Palo Alto Networks XSOAR Engineer v1.0

Page:    1 / 4   
Exam contains 50 questions

Where is a custom layout for an incident configured?

  • A. Pre-process rule
  • B. Incident playbook
  • C. Integration instance settings
  • D. Incident type


Answer : D

When re-assigning an existing incident to a new incident type, an engineer is concerned about the preservation of critical data currently stored in fields that are only associated with the original incident type.
Upon making the change, in which state will the critical data in the now unassociated fields be?

  • A. Hidden from the Context Data but accessible
  • B. Visible within Context Data and fully accessible
  • C. Visible with Context Data, grayed out, and fully accessible
  • D. Hidden from Context Data and no longer accessible


Answer : B

Which two features can be used together to automatically execute a search on a remote SIEM for extracted IP Indicators? (Choose two.)

  • A. Reputation script
  • B. Enhancement script
  • C. Integration command
  • D. Feed-triggered job


Answer : BC

Based on the image below, what will be the type of this new incident?

  • A. Cortex XDR Incident - Quasar
  • B. Cortex XDR Incident
  • C. Unclassified
  • D. Default


Answer : A

An engineer wants to save a command output to a custom context key using "Extend Context" in a playbook task. To do this, the engineer needs the full context path of the command's output.
Which common CLI argument or flag can help identify this full output and its correct path?

  • A. debug-mode
  • B. auto extract
  • C. raw-response
  • D. extend-parent-context


Answer : C

A playbook task is set up to run an integration command that takes no input and outputs information to the context. The integration has several instances configured.
Which action will ensure the integration command only runs once?

  • A. Specify the using- parameter to target a specific integration instance to run.
  • B. Click on Advanced Options > Limits to specify the minimum / maximum run limits for a command.
  • C. Click on Performance > Run Limits to specify the maximum run count before the task exits.
  • D. Specify the runlimit= parameter to limit the number of times a specific command will run.


Answer : A

An incident has been created in the following state:
There is no playbook attached.
The War Room is available, but no commands have been run yet.
What is the status of the incident?

  • A. Active
  • B. Pending
  • C. Waiting
  • D. In-progress


Answer : A

Within the playbook editor, which function allows a user to associate a task output to an incident field?

  • A. Classification
  • B. Inputs
  • C. Extend context
  • D. Mapping


Answer : C

What aggregates data from incidents and indicators into a Cortex XSOAR report?

  • A. Widgets
  • B. Automations
  • C. SQL queries
  • D. Playbooks


Answer : A

Based on the image below, what is the output when "Test" is clicked?

  • A. Orange
  • B. Blue
  • C. Yellow
  • D. Red


Answer : D

A feed has the highest configured reliability; however, even when it sets an indicator as suspicious or benign, it has a different final verdict in Cortex XSOAR.
Based on the image below, what could be the reason for this behavior?

  • A. Indicator Reputation from the feed is set to "Malicious."
  • B. Source Reliability needs to be increased to "A - Completely reliable."
  • C. The Indicator Expiration Method needs to be set to "Never Expire."
  • D. The Traffic Light Protocol Color is empty.


Answer : A

Two feed integrations with the same source reliability (B - Usually reliable) fetch the same indicator with the following verdicts:

Integration A - Malicious
Integration B - Benign

Indicator data from Integration B was fetched after Integration A.
What will be the values of the fields associated with the indicator?

  • A. Verdict: Malicious
    Other Fields: Values from Integration A
  • B. Verdict: Malicious
    Other Fields: Values from Integration B
  • C. Verdict: Benign
    Other Fields: Values from Integration A
  • D. Verdict: Benign
    Other Fields: Values from Integration B


Answer : D

Previous playbook tasks have built out the context in the image below.

When specifying ${User.Name} as an input for a sub-playbook task that has the default loop configuration, how many times will the sub-playbook be executed?

  • A. 0
  • B. 1
  • C. 3
  • D. 4


Answer : D

Based on the image below, which key from the context points to the string GOGL?

  • A. Whois.IP.asn_registry.entities
  • B. Whois.IP.[0].network.name
  • C. Whois.IP.network.name
  • D. Whois.IP.entities


Answer : C

What is needed to send a survey with multiple questions to a customer?

  • A. Data Collection
  • B. Conditional Ask
  • C. Survey task
  • D. Section Header task


Answer : A

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926