Is the PCSAE practice exam free?

Yes. ExamCademy offers all 160 PCSAE practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the PCSAE practice questions?

All PCSAE questions are community-created and reviewed by moderators to align with Palo Alto Networks's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the PCSAE exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official Palo Alto Networks documentation and hands-on experience for best results.

PCSAE Practice Exam — Free 160+ Questions

160Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Page 1 of 7 • Questions 1-25 of 160

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

What is the difference between labels and fields?

A Fields can be used in playbooks and labels cannot
B Fields are indexed in the database and labels are not
C Labels can be used in queries and fields cannot
D Labels are indexed in the database and fields are not

DRAG DROP -
Match the operations with the appropriate context.
Select and Place:

Question Image

How would context data be filtered to receive only malicious indicator values with DBotScore?

A Get DBotScore.value where DBotScore.Score (Larger or equals) 4
B Get DBotScore.value where DBotScore.Score (equals (int)) 3
C Get DBotScore where DBotScore.Score (Larger than) 1
D Get DBotScore where DBotScore.Score (Larger or equals) 2

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

A type:File reputation:Malicious sourcetimestamp:"30 days ago"
B type:File verdict:Malicious sourcetimestamp:<="30 days ago"
C type:File reputation:Malicious sourcetimestamp:="30 days ago"
D type:File verdict:Malicious sourcetimestamp:>="30 days ago"

What is the default landing page for a new user in XSOAR?

A Dashboards
B Threat Intel
C Settings
D Marketplace

Threat Intel search queries can be shared with which of the following? (Select 1)

A Users defined in the platform (email or username)
B Other organizations via the Marketplace
C Users outside XSOAR via email invite
D Roles defined in the platform

What is an example of a generic reputation command?

A !ip
B !getReputation
C !reputation
D !enrichIndicator

What is the function of timer SLA fields in Cortex XSOAR?

A To track SLA breaches per playbook
B To run a script that executes on SLA assignment
C To automatically alert the analyst on SLA breach
D To count the time between one or more tasks

What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)

A Download content for offline installation
B Uninstall content pack
C Update to x version
D Revert to x version

Which of the following is a basic setting that can be configured in an automation?

A Summary
B Compiler
C Schedule
D Run On

What happens if both a Classifier and Incident Type are configured in an integration instance's settings?

A The administrator will receive a notification that there is both a Classifier and Incident Type set for that integration instance.
B The Incident Type will be ignored, and incoming incidents will be classified according to the Classifier.
C The Classifier will be ignored, and incoming incidents will be classified according to the Incident Type.
D Both the Classifier and Incident Type will classify incoming incidents.

When creating an incident layout section, it is best to place long field values within which of the following?

A Section headers
B Rows
C Canvas
D Cards

While testing a custom integration, an XSOAR engineer noticed that the incident fetch interval is missing. How can this be fixed?

A Define the Incident Fetch Interval when running the integration’s commands.
B Duplicate the integration. Edit the resulting copy and add incidentFetchInterval as a parameter. Save the integration. Configure the new integration instance with the interval required.
C Configure the application to send incidents on the required interval.
D Duplicate the integration. Add the interval in the code. Save the integration and Configure the new integration instance with the interval required.

When is the post-processing script executed in XSOAR?

A Just after the incident is created
B Just after the pre-processing is executed
C Just after the playbook is executed
D Just after the Close Incident button is clicked

Which option is available in XSOAR to create the body of a Threat Intel Report?

A Markdown
B Grid Fields
C DOC format
D Javascript

Which two input requirements are needed to train a machine learning model? (Choose two.)

A 3000 Incidents
B Incident Field
C Verdict Label
D Incident Type

An engineer is developing a playbook that will be run multiple times for testing purposes.
What is the recommended first task to be used in the playbook?

A DeleteContext
B GenerateTest
C PrintContext
D SetContext

What does Script helper contain?

A Available commands
B Permission settings
C Automation version history
D Automation timeout configuration

Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

A Python
B Perl
C Go
D JavaScript
E Powershell

What are three different loop types in a playbook? (Choose three.)

A Automation
B Built-in
C Data collection
D Conditional
E For-each

What is the default task type when creating an empty task?

A Standard (Manual)
B Conditional
C Section header
D Standard (Automated)

By default, automation written in which language will be executed in a Docker container?

A Python
B Go
C JavaScript
D Perl

Which investigation element is best suited for collaboration among users?

A Work Plan
B Related Incidents
C War Room
D Context Data

Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)

A Add a distributed database server
B Add an indexing server
C Add a live backup server (disaster recovery)
D Add an engine

Management would like to get an incident report automatically following an incident's closure.
How would this be accomplished?

A Define a task in a playbook to generate an incident report before the closure occurs
B Manually create an 'Incident Report'
C Configure post-processing using a script
D Create an 'Incident Report' from the Reports page

PCSAEPreview

About the PCSAE Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

PCSAEPreview

About the PCSAE Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25