Paloalto Networks XSOAR-Engineer 시험

Question No : 1

Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)

• A.In the instance settings, enable the fetch incidents parameter and wait for one minute
• B.Create a one task playbook with a fetch-incident command
• C.execute !<integration_instance_name>-fetch
• D.execute !<integration_name>-fetch

답을 확인하기

정답:
Explanation:
Reference: https://xsoar.pan.dev/docs/integrations/fetching-incidents

Question No : 2

Can an automation script execute an integration command and an integration command execute an automation script?

• A.An automation script cannot execute an integration command and an integration command cannot execute an automation script
• B.An automation script can execute an integration command and an integration command cannot execute an automation script
• C.An automation script cannot execute an integration command and an integration command can execute an automation script
• D.An automation script can execute an integration command and an integration command can execute an automation script

답을 확인하기

정답:

Question No : 3

How would context data be filtered to receive only malicious indicator values with DBotScore?

• A.Get DBotScore.value where DBotScore.Score (Larger or equals) 4
• B.Get DBotScore.value where DBotScore.Score (equals (int)) 3
• C.Get DBotScore where DBotScore.Score (Larger than) 1
• D.Get DBotScore where DBotScore.Score (Larger or equals) 2

답을 확인하기

정답:
Explanation:
Reference: https://github.com/demisto/content/blob/master//Packs/DeprecatedContent/Integrations/PaloAlto_MineMeld/README.md

Question No : 4

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard.
How can it be accomplished?

• A.Default Dashboard can be defined by ‘Role’
• B.Use the server configuration key: default.dashboards
• C.Save the dashboard as a widget and apply it to all users
• D.Right click on the dashboard tab and ‘Set as Default’

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/monitoring/cortex-xdr-dashboard/manage-dashboards.html

Question No : 5

When uploading content, which two options could the upload include? (Choose two.)

• A.Indicators
• B.Incidents
• C.Reports
• D.Fields

답을 확인하기

정답:

Question No : 6

Which two features does XSOAR offer to help recover from a server failure? (Choose two.)

• A.Live backup (disaster recovery)
• B.Distributed database
• C.Backup data to XSOAR engines
• D.Local backup

답을 확인하기

정답:

Question No : 7

What can be used as integration parameters?

• A.URL, API key, port
• B.URL, certificate, image
• C.Token, query, playbook
• D.User-password, csv file, query

답을 확인하기

정답:

Question No : 8

Which three options can be defined in the layout settings? (Choose three.)

• A.Set of fields to present
• B.Permission to view the tab based on ‘Users’
• C.Permission to view the tab based on ‘Roles’
• D.Delete built-in tabs including the war room
• E.Dynamic sections

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-1/cortex-xsoar-admin/incidents/customize-incident-view-layouts/customize-incident-layouts.html

Question No : 9

Which two options are the most effective for moving content between two environments? (Choose two.)

• A.Remote repository based content sharing
• B.UI based content import/export button
• C.Copy the content backup from one environment file system (/var/lib/demisto/backup/content-backup-*) and move it to the other environment
• D.Download the content items separately and upload them to the other environment

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/manage-data/migrate-data-to-another-server-for-multi-tenant.html

Question No : 10

An engineer’s organization system is registered in the following manner: <SiteName-SystemID-Username>. The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.
What is the most efficient way for the engineer to achieve this?

• A.Create a custom indicator field named ‘username’ and link it to the internal system indicator
• B.Change the reputation command for the internal system indicator type
• C.Create a new indicator type of the internal username and set a formatting script to extract only the username
• D.Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

답을 확인하기

정답:
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/indicator-types/indicator-type-profile

Question No : 11

Which two statements accurately describe layouts? (Choose two.)

• A.Layouts override classification and mapping
• B.New tabs can be added to the incident layout
• C.Layouts can display incident information and custom fields
• D.Layouts add or remove custom fields from an incident type

답을 확인하기

정답:

Question No : 12

A large number of incidents were deleted by mistake.
Which two architecture components can be used to recover the lost data? (Choose two.)

• A.Live backup
• B.Engine
• C.Distributed database
• D.Local backup

답을 확인하기

정답:
Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/disaster-recovery-and-live-backup/backup-the-database.html
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/disaster-recovery-and-live-backup/disaster-recovery-and-backup-overview.html

Question No : 13

How is data transferred between playbook tasks?

• A.Read/Write from context data
• B.Over war room results
• C.Input from the indicator page
• D.Directly from a previous task

답을 확인하기

정답:

Question No : 14

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.
What is the main concern when adding these commands?

• A.The commands must return a proper result to the war room for the analysts to understand
• B.The code may not be written to XSOAR standards
• C.The integrations are locked and cannot be edited with additional commands
• D.The custom integration will not be maintained and updated by XSOAR content team

답을 확인하기

정답:

Question No : 15

Whar are possible war room result (entry) types?

• A.Context, file, error, image
• B.Note, indicator, error, image
• C.Video, file, error, image
• D.Note, file, error, image

답을 확인하기

정답: