special code - Ends in 0d 00h 00m 00s - Coupon code = discmirror

Home
Paloalto Networks
Security Operations
XSOAR-Engineer
Palo Alto Networks XSOAR Engineer Questions and Answers

Pass the Paloalto Networks Security Operations XSOAR-Engineer Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam XSOAR-Engineer Premium Access

View all detail and faqs for the XSOAR-Engineer exam

Go to Exam

396 Students Passed

94% Average Score

90% Same Questions

Viewing page 1 out of 7 pages

Viewing questions 1-10 out of questions

Questions # 1:

By default, which components does an XSOAR implementation include?

Options:

XSOAR server, XSOAR engine

Application server, distributed DB server

Application server, distributed DB server, Backup server

All in one server

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/installation/install- demisto-on-a-physical-or-virtual-server.html, , ]

Questions # 2:

Based on the image below, what will be the type of this new incident?.

Question # 2

Options:

Cortex XDR Incident - Quasar.

Cortex XDR Incident.

Unclassified.

Default.

Answer

Questions # 3:

Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)

Options:

When creating incidents from the XSOAR REST API

When manually creating an incident from the UI

When adding a new analyst account to XSOAR

When fetching many different incident types from a single mailbox

Answer

A, B

Questions # 4:

What assigns newly ingested event attributes to incident fields?

Options:

Playbooks

Classification

Mapping

Layouts

Answer

Questions # 5:

Which component can be part of a load balancing group?

Options:

Distributed database

D2 agent

Engine

Load balancing server

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/engines/understand- demisto-engines.html, , ]

Questions # 6:

What are two of the actions available on the Version History tab of a content pack in the marketplace? (Choose two.)

Options:

Download content for offline installation

Uninstall content pack

Update to x version

Revert to x version

Answer

C, D

Questions # 7:

An Engineer wants to filter a csvList value according to a dynamic value saved under the test context key.

Which three values would save the test context key? (Choose three.)

Options:

Get csvList.value where csvList.value equals test [from previous tasks]

Get csvList.value where csvList.value equals ${test} [from previous tasks]

Get csvList.value where csvList.value equals test {}[from previous tasks]

Get csvList.value where csvList.value equals test [as value]

Get csvList.value where csvList.value equals ${test} [as value]

Answer

A, B, E

Questions # 8:

Select the correct incident life cycle on XSOAR.

Options:

Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing

Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing

Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing

Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

Answer

Questions # 9:

A temporary integration issue causes a scheduled job to fail continuously.

Which action will ensure the job continues to run after future failures?.

Options:

Edit Queue Handling settings of the job.

Verify that the "Continue on Error" box is checked in the job.

Adjust the Role-Based Access Control (RBAC) of the incident type.

Ensure the last playbook task runs closeInvestigation.

Answer

Explanation

Jobs in XSOAR run playbooks or scripts automatically at scheduled intervals. According to the Job Execution section of the Admin Guide, if a job encounters an error during playbook execution, its continued operation depends on whether“Continue on Error”is enabled. When this checkbox is selected, the job will not terminate due to an exception or integration failure. Instead, it logs the error and proceeds to the next scheduled execution as normal.

Queue handling settings (A) apply to indicators/job queues within feeds, not job failure behavior. RBAC changes (C) do not influence job execution continuity. Ensuring the last task closes the investigation (D) is unrelated and may even disrupt job workflows, since jobs often do not require incident-based models.

By contrast, enablingContinue on Erroris the documented mechanism that prevents scheduled jobs from halting due to transient or recurring errors. It ensures operational resilience, especially during integration outages or API rate limits.

Thus, optionBis the correct and fully documented answer.

Questions # 10:

Where would you look to find a personalized view of your own incidents and tasks?