XSOAR-Engineer by Palo Alto Networks Valid Free Exam Practice Test

Question 1

What are two of the actions available on the Version History tab of a content pack in the marketplace?
(Choose two.)

A. Download content for offline installation B. Update to x version C. Revert to x version D. Uninstall content pack

Correct Answer: B,C

Question 2

What is the difference between labels and fields?

A. Labels are indexed in the database and fields are not B. Fields can be used in playbooks and labels cannot C. Fields are indexed in the database and labels are not D. Labels can be used in queries and fields cannot

Correct Answer: D

Question 3

Incidents need to be filtered by all of the following criteria:
1.Status - Pending
2.Exclude Category - Job
3.Severity - High
4.Owner - None (No owner assigned)
5.Type - Phishing
6.Email Subject - "You have won a million dollars"
What is the correct query syntax for the above incident search filter?

A. Status:Pending and -Category:job and Severity:High and Owner:"" and Type:Phishing and Email Subject:You have won a million dollars B. status=="Pending"andandcategory!="job"andandseverity=="High"andandowner=="None" andandtype=="Phishing"andandemailsubject=="You have won a million dollars" C. status:Pending and -category:job and severity:High and owner:"" and type:Phishing and emailsubject:" You have won a million dollars" D. status:Pending or -category:job or severity:High or owner:"" or type:Phishing or emailsubject:"You have won a million dollars"

Correct Answer: C

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 4

Given an incident with three files, how could the name of the second file be referenced?

A. ${Files.[2].Name} B. ${File.Name.[1]} C. ${File.[1].Name} D. ${Files.Name.[2]}

Correct Answer: B

Question 5

The default expiration method for non-feed indicators is either to never expire or to expire after a specific period of time. How frequently does XSOAR check tor newly expired indicators?

A. Every 1 hour B. Every 8 hours C. Every 24 hours D. Every 5 minutes

Correct Answer: A

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 6

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

A. Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content B. Create content and add it to the standard content by contributing through the Marketplace C. Create a support ticket with the custom content for review by the support team D. Any custom content will be automatically uploaded to the content repository

Correct Answer: B,D

Question 7

What are two common use cases for conditional tasks? (Choose two.)

A. They are used to interact with users through survey functionality B. They are used for branching paths in a playbook C. They are used to determine which incident will be executed D. They are used for sending a specific questions to a person or team

Correct Answer: B,D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 8

Which option is available in XSOAR to create the body of a Threat Intel Report?

A. DOC format B. Javascript C. Grid Fields D. Markdown

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 9

Which three support types are included in the Marketplace Content Packs? (Choose three.)

A. Community supported B. Contex XSOAR supported C. Customer supported D. Prisma Cloud supported E. Partner supported

Correct Answer: A,B,E

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 10

How would context data be filtered to receive only malicious indicator values with DBotScore?

A. Get DBotScore where DBotScore.Score (Larger than) 1 B. Get DBotScore where DBotScore.Score (Larger or equals) 2 C. Get DBotScore.value where DBotScore.Score (Larger or equals) 4 D. Get DBotScore.value where DBotScore.Score (equals (int)) 3

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 11

An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.
What is the main concern when adding these commands?

A. The integrations are locked and cannot be edited with additional commands B. The code may not be written to XSOAR standards C. The commands must return a proper result to the war room for the analysts to understand D. The custom integration will not be maintained and updated by XSOAR content team

Correct Answer: D

Question 12

Which investigation element is best suited for collaboration among users?

A. Work Plan B. Context Data C. Related Incidents D. War Room

Correct Answer: B

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 13

Match the action with the most appropriate playbook task type.