PCSAE Online Practice Questions and Answers

Questions 4

Given an incident with three files, how could the name of the second file be referenced?

A. ${Files.[2].Name}

B. ${Files.Name.[2]}

C. ${File.[1].Name}

D. ${File.Name.[1]}

Questions 5

Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

A. The 'Fetches Incidents' option may not have been enabled

B. There are no new events from the external service

C. The first fetch should be manually triggered to start the fetching process

D. It can take up to 1 hour before incidents are initially fetched

Questions 6

Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)

A. Use a field of Number to count the number of seconds elapsed between two tasks

B. After the playbook has run, calculate the total time taken and set the timer field with this value

C. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer

D. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on

Questions 7

Where can engineers add the post-processing scripts to incidents?

A. The post-processing tag must be added to the automation

B. Post-processing scripts must be added at the end of playbooks

C. Post-processing scripts must be added from the Incident Type editor

D. Post-processing scripts must be added from the Post-Process Rules editor

Questions 8

Which two components have their own context data? (Choose two.)

A. Sub-playbook

B. Task

C. Field

D. Incident

Questions 9

Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017-11882. This vulnerability affects applications installed on workstations. The SOC team needs to take action and apply the new vulnerability patch that was just released. The team must first create a case for each of the identified assets in ServiceNow IT Service Management (ITSM), in order to notify the IT department. Next, the team creates a task in the main playbook, which extracts the list of assets from the scanner report.

After the list of assets is created, what are the two solutions that the SOC team could take so that a case could be created and a patch installed? (Choose two.)

A. Create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual – Exit on yes – left: 1, right: 1) and perform the following tasks:

- Active Directory User Enrichment based on the computerName

- Create the ServiceNow Record by adding the enrichment information

- Mark the ticket severity as Urgent

B. Create a sub-playbook with a single input containing the computer names that will loop 'For Each Input' and perform the following tasks:

- Active Directory User Enrichment based on the computerName

- Create the ServiceNow Record by adding the enrichment information

- Mark the ticket severity as Urgent

C. Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:

- Active Directory User Enrichment based on the computerName

- Create the ServiceNow Record by adding the enrichment information

- Mark the ticket severity as Urgent

D. Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to the count of the number of items in the list) and perform the following tasks:

- Increase the iterator value by one each time

- Active Directory User Enrichment based on the computerName

- Create the ServiceNow Record by adding the enrichment information

- Mark the ticket severity as Urgent

Questions 10

In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)

A. Inputs and outputs

B. Through integration context

C. Automatically extracted by sub-playbooks

D. From context data, if context is shared globally

Questions 11

What can be added to offload integration instance processing from the main server?

A. Database node

B. Application server

C. Engine

D. Development server

Questions 12

What are possible war room result (entry) types?

A. Context, file, error, image

B. Note, indicator, error, image

C. Video, file, error, image

D. Note, file, error, image

Questions 13

When uploading content, which two options could the upload include? (Choose two.)

A. Indicators

B. Incidents

C. Reports

D. Fields

Questions 14

What is the default task type when creating an empty task?

A. Standard (Manual)

B. Conditional

C. Section header

D. Standard (Automated)

Questions 15

In which two locations can filters and transformers be used in XSOAR? (Choose two.)

A. Classification and Mapping

B. Playbook Tasks

C. Evidence Fields

D. Incident Fields

Questions 16

Which three actions can an engineer take on the troubleshooting page? (Choose three.)

A. Download the debug log bundle

B. Put the XSOAR server in maintenance mode

C. View and modify server configuration settings

D. Export and import custom content

E. View a list of server administrators

Questions 17

An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.

Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)

A. Open a ticket with the XSOAR support team

B. Create a pull request directly on Github

C. Contribute through the XSOAR UI

D. Send an email to [email protected]

Questions 18

Which two input requirements are needed to train a machine learning model? (Choose two.)

A. 3000 Incidents

B. Incident Field

C. Verdict Label

D. Incident Type

Exam Code: PCSAE
Exam Name: Palo Alto Networks Certified Security Automation Engineer
Last Update: Apr 15, 2024
Questions: 156 Q&As