Which two incident search queries are valid? (Choose two.)

A. created:>="7 days"
B. owner===admin
C. role is Analyst
D. status:closed -category:job

Answer: A,D

Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/how-to-search-in-cortex-xsoar.html

May 29, 2023

Threat Intel search queries can be shared with which of the following? (Select 1)

A. Users defined in the platform (email or username)
B. Other organizations via the Marketplace
C. Users outside XSOAR via email invite
D. Roles defined in the platform

Answer: B

May 29, 2023

Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)

A. Run Command, Export, and Close and Delete for all selected incidents regardless of their status
B. Assign, Edit, and Mark as Duplicate for all selected incidents regardless of their status
C. Run Command...

May 29, 2023

Which three options can be defined in the layout settings? (Choose three.)

A. Set of fields to present
B. Permission to view the tab based on ‘Users’
C. Permission to view the tab based on ‘Roles’
D. Delete built-in tabs including the war room
E. Dynamic sections

Answer: A,C,E

Explanation:...

May 29, 2023

In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.)

A. The audit log
B. The log bundle
C. The source code for an integration
D. The error message returned directly below the button
E....

May 29, 2023

Arrange these steps in the order that they occur during an incident fetch

DRAG DROP

Answer:

Explanation:
1. Integration performs
2. Classification is applied
3. Mapping is applied
4. Incident is created

(A pre-process rule step should also occur before incident creation.)

May 28, 2023

What is necessary to make them functional?

Newly created subplaybooks do not have any inputs or outputs. What is necessary to make them functional? (Choose two.)

A. Define input key in the subplaybook task. Map context values to pull from parent playbook.
B. The output of the previous task automatically becomes the input of the subplaybook.
C....

May 28, 2023

What is the correct query to use?

A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?

A. -status:closed -category:job type:Phishing created:>="30 days ago"
B. status:closed -category:job & type:Phishing created:>="30 days ago"
C. -status:closed -category:job & type:Phishing created:<="30 days ago"
D. -status:closed...

May 28, 2023

Which two capabilities do Automation script settings include? (Choose two.)

A. Define ‘parameters’
B. Correlate to incident types
C. Define ‘outputs’
D. Set password protection

Answer: C,D

May 28, 2023

When mapping incoming data to incident fields, which statement is correct?

A. Data that is not mapped is placed under labels
B. Only text fields are classified
C. Classification cannot be used if mapping is enabled
D. Every incoming field must be mapped

Answer: A

Explanation: Reference: https://xsoar.pan.dev/docs/incidents/incident-classification-mapping

May 28, 2023