Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Pass the Paloalto Networks Security Operations XSOAR-Engineer Questions and answers with Dumpstech

Home
Paloalto Networks
Security Operations
XSOAR-Engineer
XSOAR-Engineer Questions and Answers

Exam XSOAR-Engineer Premium Access

View all detail and faqs for the XSOAR-Engineer exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 3 out of 7 pages

Viewing questions 21-30 out of questions

Questions # 21:

While testing a custom integration, an XSOAR engineer noticed that the incident fetch interval is missing. How can this be fixed?

Options:

Define the Incident Fetch Interval when running the integration’s commands.

Duplicate the integration. Edit the resulting copy and add incidentFetchInterval as a parameter. Save the integration. Configure the new integration instance with the interval required.

Configure the application to send incidents on the required interval.

Duplicate the integration. Add the interval in the code. Save the integration and Configure the new integration instance with the interval required.

Answer

Questions # 22:

An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

Options:

Create a custom indicator field named ‘username’ and link it to the internal system indicator

Change the reputation command for the internal system indicator type

Create a new indicator type of the internal username and set a formatting script to extract only theusername

Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management- guide/manage-indicators/understand-indicators/indicator-types/indicator-type-profile, , ]

Questions # 23:

Which of the following is a prerequisite to editing out-of-the-box (OOTB) content?

Options:

Download the content from the Marketplace.

Go to Settings > About >Troubleshooting and set a flag to allow custom content.

Detach the content item you want to edit from the Marketplace.

Answer

Questions # 24:

For troubleshooting, after a log bundle is created, where do the logs appear on the XCSOAR server?

Options:

/var/lib/demisto

/tmp/log/demisto

/usr/local/demisto

/var/log/demisto

Answer

Questions # 25:

What are two main uses of context data? (Choose two.)

Options:

Store incident information in JSON format

Store incident information in XML format

Pass data between playbook tasks

Pass data between to-do tasks

Answer

A, C

Explanation

[Reference: https://xsoar.pan.dev/docs/integrations/context-and-outputs#:~:text=The%20main%20use%20of% 20the,the%20Context%20and%20uses%20it., , ]

Questions # 26:

Assuming an incident type configuration runs the associated playbook automatically, which pre-process rule action can preserve matching incidents without triggering the playbook?.

Options:

Close.

Update.

Drop.

Link.

Answer

Explanation

Pre-process rules allow XSOAR to evaluate incoming events before they are fully created as incidents. These rules can suppress, modify, or relate events based on defined criteria. According to the Admin Guide, when a pre-process rule uses theLinkaction, XSOAR links the incoming event to an existing incident without triggering the standard incident creation process or subsequent playbook execution. This preserves the data for correlation and investigation while preventing duplicate or unnecessary playbook runs.

TheCloseaction (A) suppresses incidents completely and is used to auto-close unwanted events; this prevents preservation of the event and does not trigger the playbook. TheDropaction (C) discards incoming events entirely, removing them from the system and not preserving them. TheUpdateaction (B) modifies or enriches existing incidents but does not stop the playbook from running on newly created incidents of that type.

Because the requirement is topreserve the incident while also preventing automatic playbook execution, the Link action is the only workflow that fulfills both requirements according to XSOAR’s pre-process rule architecture. Thus, optionDis correct.

Questions # 27:

What is the function of timer SLA fields in Cortex XSOAR?

Options:

To track SLA breaches per playbook

To run a script that executes on SLA assignment

To automatically alert the analyst on SLA breach

To count the time between one or more tasks

Answer

Explanation

[Reference: https://docs-cortex.paloaltonetworks.com/cortex/cortex-xsoar//6-2/cortex-xsoar-admin/work-with-slas/create-an-sla-field, , ]

Questions # 28:

In which two options can an automation script be executed? (Choose two.)

Options:

Engine

Integration

War room

Playbook

Answer

C, D

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/ automations.html, , ]

Questions # 29:

Which two components have their own context data? (Choose two.)

Options:

Sub-playbook

Task

Field

Incident

Answer

A, D

Questions # 30:

Threat Intel search queries can be shared with which of the following? (Select 1)

Options:

Users defined in the platform (email or username)

Other organizations via the Marketplace

Users outside XSOAR via email invite

Roles defined in the platform

Answer

Viewing page 3 out of 7 pages

Viewing questions 21-30 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).