Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Paloalto Networks Security Operations XSOAR-Engineer Questions and answers with Dumpstech

Home
Paloalto Networks
Security Operations
XSOAR-Engineer
XSOAR-Engineer Questions and Answers

Exam XSOAR-Engineer Premium Access

View all detail and faqs for the XSOAR-Engineer exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 2 out of 7 pages

Viewing questions 11-20 out of questions

Questions # 11:

Based on the image below, what is the output when "Test" is clicked?.

Question # 11

Options:

Orange.

Blue.

Yellow.

Red.

Answer

Questions # 12:

What is the default configuration for indicator auto-extraction when incidents are created?

Options:

Inline

Inband

None

Out of band

Answer

Questions # 13:

A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?

Options:

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with no argument

Edit the incident layout to add a new button that calls the AssignToMeButton automation with argument assignBy={me}

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument owner={me}

Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument assignBy=current

Answer

Questions # 14:

Which two input requirements are needed to train a machine learning model? (Choose two.)

Options:

3000 Incidents

Incident Field

Verdict Label

Incident Type

Answer

B, D

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/machine-learing- models/machine-learning-models-overview.html, , ]

Questions # 15:

When re-assigning an existing incident to a new incident type, an engineer is concerned about the preservation of critical data currently stored in fields that are only associated to the original incident type.

Upon making the change, in which state will the critical data be in the now unassociated fields?.

Options:

Hidden from the Context Data but accessible.

Visible within Context Data and fully accessible.

Visible with Context Data, grayed out, and fully accessible.

Hidden from Context Data and no longer accessible.

Answer

Explanation

XSOAR separatesContext DatafromIncident Layout fields. When an incident field is populated, its value is stored in Context, even if the incident type later changes. The Admin Guide clearly states that context is persistent and not dependent on whether a field belongs to the new incident type.

If an incident is reassigned to a different incident type, fields not included in the new type’s layout are no longer visiblein the UI, but the data is fully retained in Context. Analysts can still retrieve the values through playbooks, scripts, or JSON view. This ensures investigations are not disrupted and historical information is never lost due to schema changes.

The data isnot deleted, nor is it hidden from context (ruling out options A and D). It also does not appear grayed out in the UI (C), because the fields no longer appear at all unless re-added to the layout.

Thus, per XSOAR’s data retention model, the correct state isB: Visible within Context Data and fully accessible.

Questions # 16:

After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw- response=true and notices that the manager’s email is returned, but not saved in the context.

How can the engineer save the data so it will be accessible?

Options:

Mark ignore output = true

Use extend-context

Use raw-response = save

Mark ignore input = true

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/extend- context/extend-context-using-the-command-line.html, , ]

Questions # 17:

How would context data be filtered to receive only malicious indicator values with DBotScore?

Options:

Get DBotScore.value where DBotScore.Score (Larger or equals) 4

Get DBotScore.value where DBotScore.Score (equals (int)) 3

Get DBotScore where DBotScore.Score (Larger than) 1

Get DBotScore where DBotScore.Score (Larger or equals) 2

Answer

Explanation

[Reference: https://github.com/demisto/content/blob/master//Packs/DeprecatedContent/Integrations/ PaloAlto_MineMeld/README.md, , ]

Questions # 18:

What is needed to send a survey with multiple questions to a customer?.

Options:

Data Collection.

Section Header task.

Conditional Ask.

Survey task.

Answer

Explanation

XSOAR provides two types of user-interaction mechanisms in playbooks:Ask tasksandData Collection tasks. Ask tasks present asingle questionwhose answer determines the playbook’s conditional path. Conversely, Data Collection tasks are specifically designed to gathermultiple questions, forming a structured form or survey.

The Admin Guide explains that Data Collection tasks allow multiple question fields such as text input, dropdowns, yes/no responses, and date fields. These tasks may be delivered via email links, the XSOAR UI, or external response pages. Once completed, responses are automatically populated into incident fields or context keys.

A Section Header (option B) only organizes information within playbooks and layouts; it does not collect user input. Conditional Ask (option C) is strictly limited to single-question logic branching. A “Survey task” (option D) does not exist as a named task type in XSOAR; surveys are implemented through Data Collection tasks.

Thus, the correct answer isA: Data Collection, as it is the documented method for sending multi-question forms to users or customers.

Questions # 19:

Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)

Options:

In the instance settings, enable the fetch incidents parameter and wait for one minute

Create a one task playbook with a fetch-incident command

execute !-fetch

Answer

A, C

Explanation

[Reference: https://xsoar.pan.dev/docs/integrations/fetching-incidents, , ]

Questions # 20:

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

Options:

Python

Perl

JavaScript

Powershell

Answer

A, D, E

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/ automations.html, , ]

Viewing page 2 out of 7 pages

Viewing questions 11-20 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).