Paloalto Networks XSOAR-Engineer 시험

Question No : 1

An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.
Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)

• A.Open a ticket with the XSOAR support team
• B.Create a pull request directly on Github
• C.Contribute through the XSOAR UI
• D.Send an email to [email protected]

답을 확인하기

정답:

Question No : 2

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

• A.Download the debug log bundle
• B.Put the XSOAR server in maintenance mode
• C.View and modify server configuration settings
• D.Export and import custom content
• E.View a list of server administrators

답을 확인하기

정답:

Question No : 3

In which two locations can filters and transformers be used in XSOAR? (Choose two.)

• A.Classification and Mapping
• B.Playbook Tasks
• C.Evidence Fields
• D.Incident Fields

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/filters-and-transformers.html

Question No : 4

What is the correct definition regarding integration parameters and command arguments?

• A.Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
• B.Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
• C.Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
• D.Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.

답을 확인하기

정답:

Question No : 5

By default, automation written in which language will be executed in a Docker container?

• A.Python
• B.Go
• C.JavaScript
• D.Perl

답을 확인하기

정답:

Question No : 6

In which two options can an automation script be executed? (Choose two.)

• A.Engine
• B.Integration
• C.War room
• D.Playbook

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html

Question No : 7

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

• A.Create content and add it to the standard content by contributing through the Marketplace
• B.Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
• C.Create a support ticket with the custom content for review by the support team
• D.Any custom content will be automatically uploaded to the content repository

답을 확인하기

정답:

Question No : 8

What is the default task type when creating an empty task?

• A.Standard (Manual)
• B.Conditional
• C.Section header
• D.Standard (Automated)

답을 확인하기

정답:

Question No : 9

What is the difference between labels and fields?

• A.Fields can be used in playbooks and labels cannot
• B.Fields are indexed in the database and labels are not
• C.Labels can be used in queries and fields cannot
• D.Labels are indexed in the database and fields are not

답을 확인하기

정답:

Question No : 10

An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?

• A.Contains/Includes
• B.Equals/Matches
• C.In/In list
• D.Is defined/Exist

답을 확인하기

정답:
Explanation:
This filter will be used to check if the automation returned results, as it checks to see if the output variable called csvReport is defined and exists. If it is, then the automation returned results.

Question No : 11

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.
How would the engineer implement this?

• A.The new job form changes based on the threat intel feed integration configuration
• B.The new job form can be edited from the Indicator Feed incident type editor
• C.The new job form for a threat intel feed job cannot be edited
• D.The new job form can be edited from the threat intel feeds integration settings

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/create-a-feed-based-job.html

Question No : 12

Which configuration is a valid distributed database (DB) implementation?

• A.2 main DBs, 1 application server, 2 node servers
• B.1 main DB, 1 application server, 3 node servers
• C.2 application servers, 1 main DB, 1 node server
• D.1 application server, 2 main DBs, 1 node server

답을 확인하기

정답:

Question No : 13

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

• A.In repetitive process flows to iterate for each playbook input
• B.When continuously ingesting incidents from third-party systems
• C.In repetitive process flows with no more than 10 loops
• D.In repetitive processes that requires sub-playbook re-execution

답을 확인하기

정답:

Question No : 14

An engineer wants to customize the regex for the default IP indicator type.
How can this change be implemented?

• A.Create a new indicator type and disable the built-in IP indicator
• B.Edit the regex of the default IP Indicator
• C.Add a new server configuration key that will overwrite the default regex of the IP indicator
• D.Delete the default IP indicator

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/manage-indicators/understand-indicators/indicator-types/indicator-type-profile.html

Question No : 15

What are two common use cases for conditional tasks? (Choose two.)

• A.They are used for branching paths in a playbook
• B.They are used to interact with users through survey functionality
• C.They are used to determine which incident will be executed
• D.They are used for sending a specific QUESTIO N NO: to a person or team

답을 확인하기

정답:
Explanation:
Reference: https://docs-new.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/use-cases.html#id7b31e50b-5aca-4d65-bdb5-ba61b4eac0b4