Practice Free XSOAR-Engineer Exam Online Questions
Which option is available in XSOAR to create the body of a Threat Intel Report?
- A . Markdown
- B . Grid Fields
- C . DOC format
- D . Javascript
A
Explanation:
Reference: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.9/Cortex-XSOAR-Threat-Intel-Management-Guide/Create-a-Threat-Intel-Report
Two feed integrations with the same source reliability (B – Usually reliable) fetch the same indicator with the following verdicts:
Integration A – Malicious –
Integration B – Benign –
Indicator data from Integration B was fetched after Integration A.
What will be the values of the fields associated with the indicator?
- A . Verdict: Malicious –
Other Fields: Values from Integration A
- B . Verdict: Malicious –
Other Fields: Values from Integration B
- C . Verdict: Benign –
Other Fields: Values from Integration A
- D . Verdict: Benign –
Other Fields: Values from Integration B
Where would you look to find a personalized view of your own incidents and tasks?
- A . Incident Summary View
- B . My Incidents
- C . My Threat Landscape
- D . My Dashboard
Where do you navigate to monitor and improve the system performance and resilience for hosts in a multitenant environment?
- A . Settings > About > Troubleshooting, in the main host account. Each host has a System Diagnostics page.
- B . Settings > Advanced > System Diagnostics, in the main host account. Each host has a System Diagnostics page.
- C . Settings > Account Management > Hosts, in the main host account. Each host has a System Diagnostics page.
- D . Settings > About > System Diagnostics, in the main host account. Each host has a System Diagnostics page.
Which field type should be used to hold more than 60,000 characters of unformatted text?
- A . Short Text
- B . HTML
- C . Long Text
- D . Markdown
Which of the following is a prerequisite to editing out-of-the-box (OOTB) content?
- A . Download the content from the Marketplace.
- B . Go to Settings > About > Troubleshooting and set a flag to allow custom content.
- C . Register a user account with support.paloaltonetworks.com.
- D . Detach the content item you want to edit from the Marketplace.
An engineer must create a playbook task which asks a user a single question to determine the next step in the playbook flow.
Which type of task will accomplish this goal?
- A . Standard task using manual task settings
- B . Data collection task using the task option
- C . Conditional task using the ask option
- D . Data collection task using the generated link option
After enriching a username using Active Directory, an engineer would like to send an email to the user’s manager. However, this functionality is not part of the command output. The engineer checks with raw-response=true and notices that the manager’s email is returned, but not saved in the context.
How can the engineer save the data so it will be accessible?
- A . Mark ignore output = true
- B . Use extend-context
- C . Use raw-response = save
- D . Mark ignore input = true
B
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/extend-context/extend-context-using-the-command-line.html
Which task type would be used to verify/check that an integration was enabled?
- A . Standard task
- B . Conditional task
- C . Section Header task
- D . Data Collection task
