DRAG DROP
Match the corresponding action with the appropriate playbook tasks.
Select and Place:
An engineer notices that playbooks only start once the user clicks the 'investigate' button and he/she would like the playbook to start automatically. How can this be implemented?
A. Add the playbook to the integration's settings
B. Select 'Run playbook automatically' from the incident type settings
C. Add the !startinvestigation automation to the beginning of the playbook
D. Select 'Run playbook automatically' from the integration settings
An engineer would like to present a trend using widgets to compare to a previous week's data.
Which two methods will allow the engineer to meet the requirement? (Choose two.)
A. Create widget of type Line, check 'Display Trend' and define as 7 days ago
B. Create a custom widget using a new incident query
C. Create widget of type Number, check 'Display Trend' and define as 7 days ago
D. Create a custom widget using a script
Which investigation element is best suited for collaboration among users?
A. Work Plan
B. Related Incidents
C. War Room
D. Context Data
What can be added to offload integration instance processing from the main server?
A. Database node
B. Application server
C. Engine
D. Development server
Incidents need to be filtered by all of the following criteria:
1. Status – Pending
2. Exclude Category – Job
3. Severity – High
4. Owner – None (No owner assigned)
5. Type – Phishing
6. Email Subject – "You have won a million dollars"
What is the correct query syntax for the above incident search filter?
A. status=="Pending" andand category!="job" andand severity=="High" andand owner=="None" andand type=="Phishing" andand emailsubject=="You have won a million dollars"
B. Status:Pending and -Category:job and Severity:High and Owner:"" and Type:Phishing and Email Subject:You have won a million dollars
C. status:Pending and -category:job and severity:High and owner:"" and type:Phishing and emailsubject:"You have won a million dollars"
D. status:Pending or -category:job or severity:High or owner:"" or type:Phishing or emailsubject:"You have won a million dollars"
What does Script helper contain?
A. Available commands
B. Permission settings
C. Automation version history
D. Automation timeout configuration
What are three different loop types in a playbook? (Choose three.)
A. Automation
B. Built-in
C. Data collection
D. Conditional
E. For-each
What is the difference between labels and fields?
A. Fields can be used in playbooks and labels cannot
B. Fields are indexed in the database and labels are not
C. Labels can be used in queries and fields cannot
D. Labels are indexed in the database and fields are not
Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)
A. Add a distributed database server
B. Add an indexing server
C. Add a live backup server (disaster recovery)
D. Add an engine