Spring Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Home
Paloalto Networks
Security Operations
XSOAR-Engineer
Palo Alto Networks XSOAR Engineer Questions and Answers

Pass the Paloalto Networks Security Operations XSOAR-Engineer Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam XSOAR-Engineer Premium Access

View all detail and faqs for the XSOAR-Engineer exam

Go to Exam

510 Students Passed

93% Average Score

92% Same Questions

Viewing page 2 out of 7 pages

Viewing questions 11-20 out of questions

Questions # 11:

An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed. How would the engineer implement this?

Options:

The new job form changes based on the threat intel feed integration configuration

The new job form can be edited from the Indicator Feed incident type editor

The new job form for a threat intel feed job cannot be edited

The new job form can be edited from the threat intel feeds integration settings

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management- guide/manage-indicators/understand-indicators/create-a-feed-based-job.html, , ]

Questions # 12:

What is the default task type when creating an empty task?

Options:

Standard (Manual)

Conditional

Section header

Standard (Automated)

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/playbooks/playbook- tasks/playbook-task-fields.html, , ]

Questions # 13:

Which three support types are included in the Marketplace Content Packs? (Choose three.)

Options:

Customer supported

Contex XSOAR supported

Community supported

Partner supported

Prisma Cloud supported

Answer

B, C, D

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/marketplace/ marketplace-overview/content-packs-support-types.html, , ]

Questions # 14:

What can be added to offload integration instance processing from the main server?

Options:

Database node

Application server

Engine

Development server

Answer

Questions # 15:

Which set of trigger options is available to start a job when a new instance is created?.

Options:

"Mapping" and "Classification"

"Time" and "By delta in feed"

"Cron View" and "Human View"

"Script Start" and "CLI"

Answer

Explanation

Cortex XSOAR jobs are automated scheduled tasks used for running playbooks or scripts on a recurring basis. According to the Jobs documentation within the XSOAR Admin Guide, the available job trigger mechanisms includeTime-based triggersandDelta-based feed triggers.

ATimetrigger enables execution at scheduled intervals using either predefined frequency settings or a cron expression. This allows running jobs hourly, daily, weekly, etc.

ABy delta in feedtrigger launches a job when a connected feed detects changes (new, updated, or removed indicators). This is commonly used in threat-intelligence workflows to perform enrichment, normalization, or distribution when new indicator data arrives.

The other options listed do not exist within XSOAR’s job trigger configuration. "Mapping and Classification" are ingestion components, not job triggers. "Cron View and Human View" are simply formatting options for viewing scheduling expressions—not trigger types. "Script Start and CLI" describe execution methods for scripts, not job-initialization triggers.

Thus, optionBis the accurate and documented set of job trigger types available when creating a new job in XSOAR.

Questions # 16:

When the verdict of an indicator is set manually, which source reliability does it receive?.

Options:

F - reliability cannot be found.

Undefined.

A+++.

Answer

Explanation

When an analyst manually sets an indicator’s verdict, XSOAR records the verdict with a source named "Manual", and assigns it a reliability of Undefined.

This is explicitly documented under Indicator Verdict + Reliability behavior when a manual override is applied.

Questions # 17:

During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?

Options:

To loop the sub-playbook over all context values present in the investigation

To loop the sub-playbook over all incident fields for the given incident

To loop the sub-playbook over all the fields marked as important

To loop the sub-playbook over all defined sub-playbook inputs

Answer

Questions # 18:

Which of these would be the most operationally efficient repository for moving XSOAR custom content from a development server to a production environment?

Options:

A content repository specified in the Marketplace

Remote git repository specified in the dev-prod configuration parameters

The development server's default repository

Cortex XSOAR public content repository

Answer

Questions # 19:

An engineer wants to customize the regex for the default IP indicator type. How can this change be implemented?

Options:

Create a new indicator type and disable the built-in IP indicator

Edit the regex of the default IP Indicator

Add a new server configuration key that will overwrite the default regex of the IP indicator

Delete the default IP indicator

Answer

Explanation

[Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/manage-indicators/ understand-indicators/indicator-types/indicator-type-profile.html, , ]

Questions # 20:

What is an example of a generic reputation command?