palo-alto-networks pcsae practice test

Palo Alto Networks Certified Security Automation Engineer


Question 1

What are two main uses of context data? (Choose two.)

  • A. Store incident information in JSON format
  • B. Store incident information in XML format
  • C. Pass data between playbook tasks
  • D. Pass data between to-do tasks
Answer:

A C

Explanation:
Reference: https://xsoar.pan.dev/docs/integrations/context-and-
outputs#:~:text=The%20main%20use%20of%20the,the%20Context%20and%20uses%20it.

Discussions

Question 2

After enriching a username using Active Directory, an engineer would like to send an email to the users manager. However,
this functionality is not part of the command output. The engineer checks with raw-response=true and notices that the
managers email is returned, but not saved in the context.
How can the engineer save the data so it will be accessible?

  • A. Mark ignore output = true
  • B. Use extend-context
  • C. Use raw-response = save
  • D. Mark ignore input = true
Answer:

B

Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/extend-context/extend-
context-using-the-command-line.html

Discussions

Question 3

Which two reasons would lead an engineer to create a custom widget? (Choose two.)

  • A. To visualize server configuration keys
  • B. To visualize XSOAR list data
  • C. To visualize complex incident data calculations
  • D. To visualize context data
  • E. To visualize a custom query
Answer:

D E

Explanation:
Reference: https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cortex/cortex-xsoar/6-0/cortex-xsoar-
admin/cortex-xsoar-admin.pdf/cortex-xsoar-admin.pdf

Discussions

Question 4

What is the default task type when creating an empty task?

  • A. Standard (Manual)
  • B. Conditional
  • C. Section header
  • D. Standard (Automated)
Answer:

B

Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook-
tasks/playbook-task-fields.html

Discussions

Question 5

DRAG DROP
Match the corresponding action with the appropriate playbook tasks.
Select and Place:

Answer:

Explanation:
Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbooks-overview.html

Discussions

Question 6

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

  • A. In repetitive process flows to iterate for each playbook input
  • B. When continuously ingesting incidents from third-party systems
  • C. In repetitive process flows with no more than 10 loops
  • D. In repetitive processes that requires sub-playbook re-execution
Answer:

A B

Discussions

Question 7

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

  • A. Create content and add it to the standard content by contributing through the Marketplace
  • B. Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
  • C. Create a support ticket with the custom content for review by the support team
  • D. Any custom content will be automatically uploaded to the content repository
Answer:

A D

Discussions

Question 8

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this
dashboard the default dashboard.
How can it be accomplished?

  • A. Default Dashboard can be defined by ‘Role’
  • B. Use the server configuration key: default.dashboards
  • C. Save the dashboard as a widget and apply it to all users
  • D. Right click on the dashboard tab and ‘Set as Default’
Answer:

D

Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/monitoring/cortex-xdr-
dashboard/manage-dashboards.html

Discussions

Question 9

Which two options may be added when a content pack is being installed? (Choose two.)

  • A. Lists
  • B. Roles
  • C. Other content packs
  • D. Indicator layouts
Answer:

A B

Discussions

Question 10

Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)

  • A. In the instance settings, enable the fetch incidents parameter and wait for one minute
  • B. Create a one task playbook with a fetch-incident command
  • D. execute !-fetch
Answer:

A C

Explanation:
Reference: https://xsoar.pan.dev/docs/integrations/fetching-incidents

Discussions
To page 2