Practice Free XSOAR-Engineer Exam Online Questions
When browsing the Marketplace for new content packs, which details about each pack are you able to view?
- A . The integration’s source code
- B . A summary of each version history
- C . A test instance for the content pack
- D . The source code of each playbook
Which playbook will a job run by default?
- A . The playbook assigned to the incident type
- B . The playbook assigned to the indicator type
- C . The playbook assigned during pre-processing
- D . The playbook assigned by the integration
In which two options can an automation script be executed? (Choose two.)
- A . Engine
- B . Integration
- C . War room
- D . Playbook
CD
Explanation:
Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/playbooks/automations.html
When re-assigning an existing incident to a new incident type, an engineer is concerned about the preservation of critical data currently stored in fields that are only associated to the original incident type.
Upon making the change, in which state will the critical data be in the now unassociated fields?
- A . Hidden from the Context Data but accessible
- B . Visible within Context Data and fully accessible
- C . Visible with Context Data, grayed out, and fully accessible
- D . Hidden from Context Data and no longer accessible
Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)
- A . In the instance settings, enable the fetch incidents parameter and wait for one minute
- B . Create a one task playbook with a fetch-incident command
- C . execute !<integration_instance_name>-fetch
- D . execute !<integration_name>-fetch
AC
Explanation:
Reference: https://xsoar.pan.dev/docs/integrations/fetching-incidents
In a Dev/Prod deployment model, what is available only in the development tenant?
- A . Marketplace
- B . Content Repository page
- C . Custom integration instances
- D . "Export all custom content" feature
Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)
- A . The ’Fetches Incidents’ option may not have been enabled
- B . There are no new events from the external service
- C . The first fetch should be manually triggered to start the fetching process
- D . It can take up to 1-hour before incidents are initially fetched
A temporary integration issue causes a scheduled job to fail continuously.
Which action will ensure the job continues to run after future failures?
- A . Edit Queue Handling settings of the job.
- B . Verify that the "Continue on Error" box is checked in the job.
- C . Adjust the Role-Based Access Control (RBAC) of the incident type.
- D . Ensure the last playbook task runs close Investigation.
An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?
- A . Contains/Includes
- B . Equals/Matches
- C . In/In list
- D . Is defined/Exist
D
Explanation:
This filter will be used to check if the automation returned results, as it checks to see if the output variable called csvReport is defined and exists. If it is, then the automation returned results.
When mapping incoming data to incident fields, which statement is correct?
- A . Data that is not mapped is placed under labels
- B . Only text fields are classified
- C . Classification cannot be used if mapping is enabled
- D . Every incoming field must be mapped
A
Explanation:
Reference: https://xsoar.pan.dev/docs/incidents/incident-classification-mapping