[October 26, 2023] Latest and Real PCSAE Exam Questions and Answers [Q37-Q54]


PCSAE exam questions that help you pass with ease, with accurate Palo Alto Networks Certified Security Automation Engineer questions in PDF

Question # 37
Which two options will troubleshoot an integration's fetch incidents command? (Choose two.)

  • A. In the instance settings, enable the fetch incidents parameter and wait for one minute
  • B. Create a one task playbook with a fetch-incident command
  • C. Execute !<integration_instance_name>-fetch
  • D. Execute !<integration_name>-fetch

Correct answer: A, C


Question # 38
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)

  • A. Perl
  • B. PowerShell
  • C. JavaScript
  • D. Go
  • E. Python

Correct answer: B, C, E


Question # 39
Newly created subplaybooks do not have any inputs or outputs. What is necessary to make them functional? (Choose two.)

  • A. Open the subplaybook and add inputs or outputs in the Playbook triggered task.
  • B. The output of the previous task automatically becomes the input of the subplaybook.
  • C. Map inputs and outputs to the parent playbook and the subplaybook will use the same values.
  • D. Define input key in the subplaybook task. Map context values to pull from parent playbook.

Correct answer: A, D


Question # 40
Which development languages are supported when creating XSOAR automation scripts?

  • A. Ruby, C++, Python
  • B. JavaScript, PowerShell, C++
  • C. C++, Python, PowerShell
  • D. Python, PowerShell, JavaScript

Correct answer: D


Question # 41
Which two components have their own context data? (Choose two.)

  • A. Field
  • B. Sub-playbook
  • C. Incident
  • D. Task

Correct answer: B, C


Question # 42
An engineer would like to change an incident's SLA according to the severity field changes. How can the engineer achieve this task?

  • A. Create a job that queries for incident severity changes
  • B. Use a field display script
  • C. Change the SLA manually every time the severity changes
  • D. Use a field trigger script

Correct answer: B


Question # 43
A large number of incidents were deleted by mistake.
Which two architecture components can be used to recover the lost data? (Choose two.)

  • A. Distributed database
  • B. Local backup
  • C. Live backup
  • D. Engine

Correct answer: B, C

Explanation:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-6/cortex-xsoar-admin/disaster-recovery-and-live-backup/backup-the-database.html


Question # 44
An engineer deployed two different instances of Active Directory for each organization site. As part of an account enrichment use case, the engineer would like to delete a user from one specific site.
Which command will accomplish this?

  • A. run 'ad-delete-user' command with 'user-dn' arg and raw-response=true
  • B. run 'ad-delete-user' command with 'user-dn' arg and using="Active Directory Query v2_instance_1"
  • C. run 'ad-delete-user' command with 'user-dn' arg and using-brand="Active Directory Query v2"
  • D. run 'ad-delete-user' command with 'user-dn' arg and ignore-outputs=true

Correct answer: B


Question # 45
What is the most effective way to correlate multiple raw events coming from a SIEM and link them together?

  • A. Process all alerts by running the respective playbook and link related incidents during post-processing
  • B. Manually go through the incidents created by the raw events and link related incidents
  • C. Ingest all raw events, run a custom script to find the relationship between them and proceed to link them together
  • D. Configure a pre-process rule to link related events as they are ingested

Correct answer: D


Question # 46
Which three types of information are displayed on the incident Quick View? (Choose three.)

  • A. Timeline information
  • B. Evidence Board
  • C. Context data
  • D. Incident severity
  • E. Indicators and relationships

Correct answer: A, B, E


Question # 47
An engineer asked for a specific command in an integration but the capability does not exist. The engineer decided to edit the existing integration by copying the integration and adding the needed commands.
What is the main concern when adding these commands?

  • A. The custom integration will not be maintained and updated by the XSOAR content team
  • B. The commands must return a proper result to the war room for the analysts to understand
  • C. The code may not be written to XSOAR standards
  • D. The integrations are locked and cannot be edited with additional commands

Correct answer: D


Question # 48
Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?

  • A. reputationScript
  • B. reputation-script
  • C. reputation
  • D. enrich

Correct answer: A


Question # 49
Match the appropriate action to the layout type.

Correct answer:

Explanation:


Question # 50
Match the operations with the appropriate context.

Correct answer:

Explanation:


Question # 51
An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.
How would the engineer implement this?

  • A. The new job form can be edited from the threat intel feeds integration settings
  • B. The new job form can be edited from the Indicator Feed incident type editor
  • C. The new job form changes based on the threat intel feed integration configuration
  • D. The new job form for a threat intel feed job cannot be edited

Correct answer: B


Question # 52
You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

  • A. type:File verdict:Malicious sourcetimestamp:>="30 days ago"
  • B. type:File reputation:Malicious sourcetimestamp:="30 days ago"
  • C. type:File verdict:Malicious sourcetimestamp:<="30 days ago"
  • D. type:File reputation:Malicious sourcetimestamp:"30 days ago"

Correct answer: D


Question # 53
What are inputs and outputs in reference to a Playbook Development Lifecycle? (Choose three.)

  • A. Inputs are data pieces that are present in the playbook
  • B. Inputs are data pieces that are present in the task
  • C. Outputs are used as an incident trigger for the playbook
  • D. Outputs can be derived from the result of a task or command
  • E. Inputs are the data fields parsed by the Classifier

Correct answer: A, D, E


Question # 54
......

Updated PCSAE exam practice test questions: https://www.jpntest.com/shiken/PCSAE-mondaishu
