Back

Practice Free PCSAE Exam Online Questions

Question #1

Which method accesses a field called ‘User Mail’ in a playbook?

  • A . ${incident.usermail}
  • B . ${incident.User Mail}
  • C . ${incident.UserMail}
  • D . ${usermail}

Reveal Solution Hide Solution

Question #2

Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)

  • A . Create content and add it to the standard content by contributing through the Marketplace
  • B . Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
  • C . Create a support ticket with the custom content for review by the support team
  • D . Any custom content will be automatically uploaded to the content repository

Reveal Solution Hide Solution

Question #3

You need to retrieve a list of all malicious hashes over the last 30 days.

What is the correct query to use?

  • A . type:File reputation:Malicious sourcetimestamp:"30 days ago"
  • B . type:File verdict:Malicious sourcetimestamp:<="30 days ago"
  • C . type:File reputation:Malicious sourcetimestamp:="30 days ago"
  • D . type:File verdict:Malicious sourcetimestamp:>="30 days ago"

Reveal Solution Hide Solution

Question #4

How is data transferred between playbook tasks?

  • A . Read/Write from context data
  • B . Over war room results
  • C . Input from the indicator page
  • D . Directly from a previous task

Reveal Solution Hide Solution

Question #5

A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days.

What is the correct query to use?

  • A . -status:closed -category:job type:Phishing created:>="30 days ago"
  • B . status:closed -category:job & type:Phishing created:>="30 days ago"
  • C . -status:closed -category:job & type:Phishing created:<="30 days ago"
  • D . -status:closed -category:job type:Phishing created:="30 days ago"

Reveal Solution Hide Solution

Question #6

Given the following context data, what would be the expected output of the expression?

  • A . 1E56733826E5035233A097FCEA2046AF96EC616C
  • B . E6EF5142E2553C1E442A0FFAC07636EAC61E6EDD
  • C . 8D193FA162A305E4859BA8C45F5121F7265E3ABB
  • D . e6ef5142e2553c1e442a0ffac07636eac61e6edd

Reveal Solution Hide Solution

Question #7

An administrator wants to run an automation in the War Room to set the incident field "Description" to "Confirmed Phishing".

Which command should they enter in the War Room CLI?

  • A . !incidentSet description="Confirmed Phishing"
  • B . /incidentSet description=Confirmed Phishing
  • C . !setIncident description="Confirmed Phishing"
  • D . /setIncident description=Confirmed Phishing

Reveal Solution Hide Solution

Question #8

Which two components have their own context data? (Choose two.)

  • A . Sub-playbook
  • B . Task
  • C . Field
  • D . Incident

Reveal Solution Hide Solution

Question #9

Which two incident search queries are valid? (Choose two.)

  • A . created:>=”7 days”
  • B . owner===admin
  • C . role is Analyst
  • D . status:closed Ccategory:job

Reveal Solution Hide Solution

Question #10

An administrator has noticed that an integration has failed to fetch incidents.

Where would they go to download logs to troubleshoot the error?

  • A . Go to the Marketplace > Download the Fix my XSOAR playbook pack > Run the playbook > Download logs from War Room
  • B . Settings > About > Troubleshooting > Set Log Level to Debug > Download Logs
  • C . Dashboards & Reports > System Health
  • D . Settings > About > System Diagnostics

Reveal Solution Hide Solution