Practice Free XSOAR-Engineer Exam Online Questions
You can customize most aspects of the incident layout, including which three of the following? (Choose three.)
- A . Which users have permissions to view the tabs
- B . Which roles have permissions to view the tabs
- C . Which dashboard settings are applied
- D . The information and how it is displayed
- E . Which tabs appear and in which order
What determines the current verdict for an indicator when multiple sources provide different reliability scores and verdicts?
- A . Verdict provided by the most recently updated source
- B . Average verdict score from all sources
- C . Verdict provided by the source with the highest reliability score
- D . Highest severity verdict from all sources
What assigns newly ingested event attributes to incident fields?
- A . Playbooks
- B . Classification
- C . Mapping
- D . Layouts
Where are incident layouts customized?
- A . Settings > Object Setup > Incidents > Layouts
- B . Settings > Integrations > Instance configuration
- C . Settings > Object Setup > Indicators > Layouts
- D . Settings > Advanced > Incident Layouts
Answer: A
Reference: https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.6/Cortex-XSOAR-Administrator-Guide/Customize-Incident-Layouts
Which set of trigger options is available to start a job when a new instance is created?
- A . "Mapping" and "Classification"
- B . "Time" and "By delta in feed"
- C . "Cron View" and "Human View"
- D . "Script Start" and "CLI"
What aggregates data from incidents and indicators into a Cortex XSOAR report?
- A . Widgets
- B . Automations
- C . SQL queries
- D . Playbooks
Which two components have their own context data? (Choose two.)
- A . Sub-playbook
- B . Task
- C . Field
- D . Incident
A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days.
What is the correct query to use?
- A . -status:closed -category:job type:Phishing created:>="30 days ago"
- B . status:closed -category:job & type:Phishing created:>="30 days ago"
- C . -status:closed -category:job & type:Phishing created:<="30 days ago"
- D . -status:closed -category:job type:Phishing created:="30 days ago"
What is an example of a generic reputation command?
- A . !ip
- B . !getReputation
- C . !reputation
- D . !enrichIndicator
What is the correct expression to use when filtering only PDF files?
- A . Use File.Extension that does not equal (string comparison) PDF
- B . Use File.Name contains PDF
- C . Use File.Extension contains (general) PDF
- D . Use File.Extension equals (string comparison) PDF
