Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

PCSAE by Palo Alto Networks - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which of the following is a feature of XSOAR automations?

A can run on multiple docker containers
B can be set to run on a scheduled basis in the automation settings
C can be password protected
D can be written in C++

Question 4

When is the post-processing script executed in XSOAR?

A Just after the incident is created
B Just after the pre-processing is executed
C Just after the playbook is executed
D Just after the Close Incident button is clicked

Question 5

Which option is available in XSOAR to create the body of a Threat Intel Report?

A Markdown
B Grid Fields
C DOC format
D Javascript

Question 6

Question 7

Where are incident layouts customized?

A Settings > Object Setup > Incidents > Layouts
B Settings > Integrations > Instance configuration
C Settings > Object Setup > Indicators > Layouts
D Settings > Advanced > Incident Layouts

Question 8

How can Cortex XSOAR administrators prevent junior analysts from viewing a senior analyst dashboard?

A Share the dashboard in Read and Edit mode for senior analysts.
B Share the dashboard in Read & Edit mode for senior analysts and Read Only for juniors analysts.
C Share the dashboard in Read and Write mode for senior analysts.
D Share the dashboard in Read Only mode for junior analysts and senior analysts.

Question 9

Which content type cannot be managed using remote repositories?

A Lists
B Jobs
C Pre-processing rules
D Exclusion List

Question 10

Which task type would be used to verify/check that an integration was enabled?

A Standard task
B Conditional task
C Section Header task
D Data Collection task

Question 11

Which two capabilities do Automation script settings include? (Choose two.)

A Define 'parameters'
B Correlate to incident types
C Define 'outputs'
D Set password protection

Question 12

After executing the DeleteContext automation with all=yes argument, how would the context data of an incident present?

A All the data, including the incident key will be deleted, and the context data will be completely empty.
B No difference, the automation cannot be executed manually.
C All context data, including custom incident fields will be deleted, system incident fields will remain.
D All context data, except the incident key will be deleted.

Question 13

An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?

A Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.
B SSH into the server and copy the indicator's database.
C In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.
D Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.

Question 14

An administrator has noticed that an incident fetch has failed, causing several internal workflows to be backed up. The administrator would like to receive notifications the next time the incident fetch fails.

How can they achieve this?

A Create a custom playbook that sends an email each time the fetch fails.
B Create a new integration that monitors the incident fetch and sends an email if the fetch fails.
C Schedule a job that runs and monitors incidents in XSOAR that will send an email if there are no new incidents.
D Add a server config to notify when incident fetch fails.

Question 15

Threat Intel search queries can be shared with which of the following? (Select 1)

A Users defined in the platform (email or username)
B Other organizations via the Marketplace
C Users outside XSOAR via email invite
D Roles defined in the platform

Question 16

An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing". Which command should they enter in the War Room CLI?

A !incidentSet description="Confirmed Phishing"
B /incidentSet description=Confirmed Phishing
C !setIncident description="Confirmed Phishing"
D /setIncident description=Confirmed Phishing

Question 17

Select the correct incident life cycle on XSOAR.

A Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing
B Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing
C Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing
D Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

Question 18

Which of the following is a prerequisite to editing out-of-the-box (OOTB) content?

A Download the content from the Marketplace.
B Go to Settings > About >Troubleshooting and set a flag to allow custom content.
C Register a user account with support.paloaltonetworks.com .
D Detach the content item you want to edit from the Marketplace.

Question 19

At what stage during the incident lifecycle is an incident type assigned?

A Pre-processing
B Incident creation
C Classification
D Playbook execution

Question 20

What can you use to assign a layout, field, and playbook to an incoming incident?

A Playbook
B Classification and mapping
C Incident type
D Pre-processing

Question 21

For troubleshooting, after a log bundle is created, where do the logs appear on the XCSOAR server?

A /var/lib/demisto
B /tmp/log/demisto
C /usr/local/demisto
D /var/log/demisto

Question 22

Which three types of information are displayed on the incident Quick View? (Choose three.)

A Indicators and relationships
B Timeline information
C Evidence Board
D Context data
E Incident severity

Question 23

Where do you navigate to monitor and improve the system performance and resilience for hosts in a multitenant environment?

A Settings > About > Troubleshooting, in the main host account. Each host has a System Diagnostics page.
B Settings > Advanced > System Diagnostics, in the main host account. Each host has a System Diagnostics page.
C Settings > Account Management > Hosts, in the main host account. Each host has a System Diagnostics page.
D Settings > About > System Diagnostics, in the main host account. Each host has a System Diagnostics page.

Question 24

When creating an automation in XSOAR, what is the best way to create a log message?

A Using a debug statement
B Using the demisto.debug() function
C Using a print statement
D Using the demisto.results() function

Question 25

What is an example of a generic reputation command?

A !ip
B !getReputation
C !reputation
D !enrichIndicator

Page 1 of 6 • Questions 1-25 of 140

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

A Set a field trigger script
B Associate to an incident type
C Change field type
D Change field name

Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

A The 'Fetches Incidents' option may not have been enabled
B There are no new events from the external service
C The first fetch should be manually triggered to start the fetching process
D It can take up to 1-hour before incidents are initially fetched

Given the following context data, what would be the expected output of the expression?

A 1E56733826E5035233A097FCEA2046AF96EC616C
B E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD
C 8D193FA162A305E4859BA8C45F5121F7265E3ABB
D e6ef5142e2553c1e442a0ffac07636eac61e6edd

PCSAEPreview