PCSAE Online Practice Questions and Answers

An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard. How can it be accomplished?

A. Default Dashboard can be defined by `Role'

B. Use the server configuration key: default.dashboards

C. Save the dashboard as a widget and apply it to all users

D. Right click on the dashboard tab and `Set as Default'

What is used to trigger playbooks automatically based on the classification of an incident?

A. Indicator type

B. Incoming mapper

C. Incident types

D. Integration configuration

Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)

A. Use a field of Number to count the number of seconds elapsed between two tasks

B. After the playbook has run, calculate the total time taken and set the timer field with this value

C. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer

D. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

A. Download the debug log bundle

B. Put the XSOAR server in maintenance mode

C. View and modify server configuration settings

D. Export and import custom content

E. View a list of server administrators

A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement?

A. Manually share the dashboard through user emails

B. Dashboard is shared to all XSOAR users

C. Propagate the dashboard based on SAML authentication

D. Dashboard is shared to all XSOAR users in a selected role

At what stage during the incident lifecycle is an incident type assigned?

A. Pre-processing

B. Incident creation

C. Classification

D. Playbook execution

An engineer would like to present a trend using widgets to compare to a previous week's data. Which two methods will allow the engineer to meet the requirement? (Choose two.)

A. Create widget of type Line, check `Display Trend' and define as 7 days ago

B. Create a custom widget using a new incident query

C. Create widget of type Number, check `Display Trend' and define as 7 days ago

D. Create a custom widget using a script

A Cortex XSOAR Administrator is tasked with building a button for an analyst in order for the analyst to be assigned to the incident as an owner. What is the process?

A. Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with no argument

B. Edit the incident layout to add a new button that calls the AssignToMeButton automation with argument assignBy={me}

C. Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument owner={me}

D. Edit the incident layout to add a new button that calls the AssignAnalystToIncident automation with argument assignBy=current

What can be used as integration parameters?

A. URL, API key, port

B. URL, certificate, image

C. Token, query, playbook

D. User-password, csv file, query

Which two components have their own context data? (Choose two.)

A. Sub-playbook

B. Task

C. Field

D. Incident