Updated May 2023 Test Engine Practice: PCSAE Question Set and Practice Exams to Help You Pass [Q18-Q39]


The PCSAE test engine trial question set contains 158 questions for practice.


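The PCSAE exam covers a wide range of topics, including automation and APIs, scripting and programming, and security operations automation. It is aimed at security professionals who are familiar with Palo Alto Networks technologies and want to further develop their skills. The exam consists of 70 questions with a time limit of 120 minutes. Candidates who pass receive the PCSAE certification, valid for two years, which demonstrates a deep understanding of automation concepts and the ability to use them to improve security operations.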


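To earn the PCSAE certification, candidates must demonstrate the knowledge and skills to configure and use the Palo Alto Networks security platform to automate security processes. This includes proficiency in firewall policies, security policies, network security, and threat prevention. In addition, candidates must be proficient in a programming language such as Python and understand automation tools such as Ansible and Terraform.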

 

Question # 18
Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

  • A. Change field type
  • B. Associate to an incident type
  • C. Set a field trigger script
  • D. Change field name

Correct answer: B, C


Question # 19
Where are incident layouts customized?

  • A. Settings > Advanced > Incident Layouts
  • B. Settings > Integrations > Instance configuration
  • C. Settings > Object Setup > Indicators > Layouts
  • D. Settings > Object Setup > Incidents > Layouts

Correct answer: D


Question # 20
What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

  • A. Manually go through the incidents created by the raw events and link related incidents
  • B. Process all alerts by running the respective playbook and link related incidents during post-processing
  • C. Configure a pre-process rule to link related events as they are ingested
  • D. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together

Correct answer: B


Question # 21
An Engineer wants to filter a csvList value according to a dynamic value saved under the test context key.
Which three values would save the test context key? (Choose three.)

  • A. Get csvList.value where csvList.value equals ${test} [from previous tasks]
  • B. Get csvList.value where csvList.value equals test [from previous tasks]
  • C. Get csvList.value where csvList.value equals test {}[from previous tasks]
  • D. Get csvList.value where csvList.value equals test [as value]
  • E. Get csvList.value where csvList.value equals ${test} [as value]

Correct answer: A, B, E


Question # 22
On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?

  • A. 2MB
  • B. 5MB
  • C. 3MB
  • D. 1MB

Correct answer: D


Question # 23
Given the following context data, what would be the expected output of the expression?

  • A. 8D193FA162A305E4859BA8C45F5121F7265E3ABB
  • B. 1E56733826E5035233A097FCEA2046AF96EC616C
  • C. e6ef5142e2553c1e442a0ffac07636eac61e6edd
  • D. E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD

Correct answer: C


Question # 24
When developing the playbook, which of the following can be used by an XSOAR Administrator?

  • A. The Debugger panel to test data with one of last five incidents. This will affect the incident's original incident data.
  • B. Context data from existing incidents by exporting the YAML data from incidents and importing it to playbook editor.
  • C. The Debugger panel to test data with one of last fifty incidents. This will not affect the incident's original incident data.
  • D. Debugger panel and XML data from a similar incident with New Mock Incident. This will not affect the incident's original incident data.

Correct answer: D


Question # 25
What is the default task type when creating an empty task?

  • A. Standard (Automated)
  • B. Conditional
  • C. Standard (Manual)
  • D. Section header

Correct answer: B


Question # 26
An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:

The organization wants to use the mail server location on the subsidiary's cloud to send emails. Without acquiring additional licenses, which XSOAR component can fulfill the requirement?

  • A. An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.
  • B. Another XSOAR server that uses the same license as their primary XSOAR server.
  • C. A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.
  • D. XSOAR D2 Agents, to send the required emails.

Correct answer: C


Question # 27
An XSOAR engineer has been tasked with exporting all indicators from the production environment in the last 90 days. The final report needs to be in CSV format containing all indicator fields. How can this task be achieved?

  • A. Run the command !GetIndicatorsByQuery in CLI with its default arguments and export all indicators in the last 90 days.
  • B. In the Threat Intel page, add query firstSeen:>="90 days ago", select All columns in Table View, and click Export to export as a CSV.
  • C. Run the command !findIndicators in CLI with the query firstSeen:>="90 days ago" and export to CSV.
  • D. SSH into the server and copy the indicator's database.

Correct answer: B


Question # 28
Which playbook will a job run by default?

  • A. The playbook assigned to the incident type
  • B. The playbook assigned by the integration
  • C. The playbook assigned during pre-processing
  • D. The playbook assigned to the indicator type

Correct answer: A


Question # 29
What are three different loop types in a playbook? (Choose three.)

  • A. Data collection
  • B. Conditional
  • C. For-each
  • D. Automation
  • E. Built-in

Correct answer: A, B, C


Question # 30
Which two components have their own context data? (Choose two.)

  • A. Incident
  • B. Field
  • C. Task
  • D. Sub-playbook

Correct answer: A, D


Question # 31
What happens when an integration is deprecated?

  • A. The integration commands in a playbook can no longer be used
  • B. The configuration settings will be lost and the integration will no longer function
  • C. The integration commands in a playbook can be used, but it will fail at runtime
  • D. The integration commands can be used, but it is recommended to update to the latest content pack

Correct answer: D


Question # 32
Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017-11882. This vulnerability affects applications installed on workstations. The SOC team needs to take action and apply the new vulnerability patch that was just released. The team must first create a case for each of the identified assets in ServiceNow IT Service Management (ITSM), in order to notify the IT department. Next, the team creates a task in the main playbook, which extracts the list of assets from the scanner report.
After the list of assets is created, what are the two solutions that the SOC team could take so that a case could be created and a patch installed? (Choose two.)

  • A. Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:
    - Active Directory User Enrichment based on the computerName
    - Create the ServiceNow Record by adding the enrichment information
    - Mark the ticket severity as Urgent
  • B. Create a sub-playbook with a single input containing the computer names that will loop 'For Each Input' and perform the following tasks:
    - Active Directory User Enrichment based on the computerName
    - Create the ServiceNow Record by adding the enrichment information
    - Mark the ticket severity as Urgent
  • C. Set a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of items in the list) and perform the following tasks:
    - Increase the iterator value by one each time
    - Active Directory User Enrichment based on the computerName
    - Create the ServiceNow Record by adding the enrichment information
  • D. Create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual - Exit on yes - left:1, right 1) and perform the following tasks:
    - Active Directory User Enrichment based on the computerName
    - Create the ServiceNow Record by adding the enrichment information
    - Mark the ticket severity as Urgent

Correct answer: B, C

Explanation:
- Mark the ticket severity as Urgent


Question # 33
To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period. What is the default cache expiration period for indicators in XSOAR (minutes/days)?

  • A. 20,160 minutes (14 days)
  • B. 4,320 minutes (3 days)
  • C. 10,080 minutes (7 days)
  • D. 21,600 minutes (15 days)

Correct answer: B


Question # 34
Which component can be part of a load balancing group?

  • A. Load balancing server
  • B. D2 agent
  • C. Distributed database
  • D. Engine

Correct answer: D


Question # 35
What can you use to assign a layout, field, and playbook to an incoming incident?

  • A. Incident type
  • B. Classification and mapping
  • C. Playbook
  • D. Pre-processing

Correct answer: B


Question # 36
The XSOAR administrator is writing an automation and would like to return an error entry back into XSOAR if a particular command errors out. How can this be achieved?

  • A. Using a print statement
  • B. Using the return_error() function
  • C. Using the demisto_error() function
  • D. Using the demisto.debug() function

Correct answer: D


Question # 37
Which two causes may be occurring if an integration test is working, but the integration is not fetching incidents? (Choose two.)

  • A. There are no new events from the external service
  • B. It can take up to 1-hour before incidents are initially fetched
  • C. The first fetch should be manually triggered to start the fetching process
  • D. The 'Fetches Incidents' option may not have been enabled

Correct answer: A, D


Question # 38
What is the difference between labels and fields?

  • A. Labels are indexed in the database and fields are not
  • B. Fields can be used in playbooks and labels cannot
  • C. Fields are indexed in the database and labels are not
  • D. Labels can be used in queries and fields cannot

Correct answer: D


Question # 39
......


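Earning the PCSAE certification lets security professionals demonstrate their expertise in security automation and improve their career prospects. The certification is recognized globally and is valued by employers looking for professionals with the skills to automate security operations. It also provides access to a community of certified professionals for sharing knowledge and best practices and supporting professional growth.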

 

Palo Alto Networks PCSAE question set covering real exam questions: https://www.jpntest.com/shiken/PCSAE-mondaishu
