Practice Free XSOAR-Engineer Exam Online Questions
Which two advanced attributes can be applied to incident fields when editing? (Choose two.)
- A . Set a field trigger script
- B . Associate to an incident type
- C . Change field type
- D . Change field name
AB
Explanation:
Reference: https://docs.servicenow.com/bundle/quebec-it-service-management/page/product/incident-management/reference/incident-management-properties.html
Which two advanced attributes can be applied to incident fields when editing? (Choose two.)
- A . Set a field trigger script
- B . Associate to an incident type
- C . Change field type
- D . Change field name
AB
Explanation:
Reference: https://docs.servicenow.com/bundle/quebec-it-service-management/page/product/incident-management/reference/incident-management-properties.html
Which of the following are valid methods to contribute custom content? (Choose three.)
- A . Submit content directly through feature requests
- B . Private GitHub repository submission for premium content
- C . A Github pull request on the public XSOAR Content Repository
- D . Using the marketplace interface to upload the content
- E . Using the content submission tool on live.paloaltonetworks.com
An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing".
Which command should they enter in the War Room CLI?
- A . !incidentSet description="Confirmed Phishing"
- B . /incidentSet description=Confirmed Phishing
- C . !setIncident description="Confirmed Phishing"
- D . /setIncident description=Confirmed Phishing
Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)
- A . When creating incidents from the XSOAR REST API
- B . When manually creating an incident from the UI
- C . When adding a new analyst account to XSOAR
- D . When fetching many different incident types from a single mailbox
A playbook needs to dynamically add an email sender’s address to a Cortex XSOAR list named "BlockedSenders_Email."
Which built-in command should be used within the playbook to add this email address to the specified list?
- A . !addToList listName="BlockedSenders_Email" listData="<email_address>"
- B . !appendToListContext listPath="BlockedSenders Email" data="<email_address>"
- C . !setIncident list.BlockedSenders_Emai1="<email_address>"
- D . !createListItem listName="BlockedSenders_Email" itemValue="<email_address>"
Which configuration is a valid distributed database (DB) implementation?
- A . 2 main DBs, 1 application server, 2 node servers
- B . 1 main DB, 1 application server, 3 node servers
- C . 2 application servers, 1 main DB, 1 node server
- D . 1 application server, 2 main DBs, 1 node server
DRAG DROP
Match the action with the most appropriate playbook task type.
Explanation:
https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html
When creating an incident layout section, it is best to place long field values within which of the following?
- A . Section headers
- B . Rows
- C . Canvas
- D . Cards
Based on the image below, what is the output when "Test" is clicked?
- A . Orange
- B . Blue
- C . Yellow
- D . Red