COMPLETE SOLUTION
What happens if you configure an integration with inaccurate credentials and
click Done?
The system creates a new instance of the integration.
How does the context data work?
Key-value pair dictionary
What approach does Palo Alto recommend for developing a use case?
Begin with the end in mind
Which role is associated with deployment of XSOAR servers and engines with
baseline operational functionality?
IT Administrator
What is the first step in the high-level flow logic of the XSOAR system?
ingestion of event data
What will happen if you click to 'disable' an integration?
the integration and configuration information will be retained
Which two types of integrations are installed by default?
1. commonly used authentication
2. basic communication + system messaging
Which is a potentially 'harmful command'?
integration command that has been flagged as 'potentially harmful'
First step in the playbook development process?
Formalize use case definition
A "standard" task can specify one of which two types of actions?
1. manual
2. automated
What is the name for a step in an XSOAR playbook?
task
How can live backup help with disaster recovery?
Need to manually trigger the failover (to switch to primary)
How does Legacy Distributed DB work?
Has a main DB with playbooks & incidents;
and has Nodes that are used for distribution to create redundancy
How to optimize Docker?
limit available memory & CPUs
limit open file descriptors
Which resource provides baseline, detailed reference information for specific
playbooks and integrations?
xsoar.pan.dev
Which is an option for the config of a button that you add to a layout?
script
Which config determines the layout applied to an incident?
Incident type
During which part of the incident lifecycle is an incident assigned an incident
type?
classification
How many keys does the classifier editor allow you to use to make mapping
decisions?
no more than 1
What object does the system use to store event data that is mapped to XSOAR
fields?
context data
Which Cortex XSOAR infrastructure component do you deploy in a protected
network to extend the capabilities of the core server?
XSOAR engine
A single multi-tenant system can be configured to support about how many total
tenants?
100
In a DEV-PROD configuration, where does the production server get updates
authored by Palo Alto Networks?
the remote repo specified in the dev-prod config parameters
What must you do to modify the code for an integration or layout that you have
downloaded from the Marketplace?
click to duplicate the integration
When are the log files with basic system config info in the log bundle generated?
at the time the log bundle is requested
What is an accurate description of a Docker container?
a software package that has everything needed to run an application
Where is the default global registry for Docker?
Docker Hub
Which two types of actions can be specified with a "Standard" playbook task?
-manual
-automated
What two privileges are needed to create or customize an incident layout?
1. Page access privilege for the settings page
2. read/write privilege for investigations
Which three types of content packs can be downloaded from Marketplace?
1. Playbooks
2. Automations
3. Integrations
Where can the entire history of group interactions involving an attack response
be seen?
Cortex XSOAR War Room
Which is the correct search query for "incidents that are not jobs and that are not
closed"?
-status:closed -category:job
Which three fields are available for querying indicators?