Practice Free PCSAE Exam Online Questions
Which configuration is a valid distributed database (DB) implementation?
- A . 2 main DBs, 1 application server, 2 node servers
- B . 1 main DB, 1 application server, 3 node servers
- C . 2 application servers, 1 main DB, 1 node server
- D . 1 application server, 2 main DBs, 1 node server
To avoid exceeding API quotas for third-party services, indicators are only updated after the indicator cache expiration period.
What is the default cache expiration period for indicators in XSOAR (minutes/days)?
- A . 10,080 minutes (7 days)
- B . 20,160 minutes (14 days)
- C . 21,600 minutes (15 days)
- D . 4,320 minutes (3 days)
Can an automation script execute an integration command and an integration command execute an automation script?
- A . An automation script cannot execute an integration command and an integration command cannot execute an automation script
- B . An automation script can execute an integration command and an integration command cannot execute an automation script
- C . An automation script cannot execute an integration command and an integration command can execute an automation script
- D . An automation script can execute an integration command and an integration command can execute an automation script
An analyst wants to run a script to remove usernames from an incident before the incident becomes active in XSOAR.
How can this be achieved?
- A . Run an automation script in the Playground to remove usernames from the incident.
- B . Create a pre-processing rule that runs an automation script to remove usernames from the incident as it comes into XSOAR.
- C . Run an automation script on the XSOAR server to remove usernames from the incident.
- D . Create a playbook task to remove the usernames from the incident.
What is the correct definition regarding integration parameters and command arguments?
- A . Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
- B . Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are shared with other commands and must be present for each command.
- C . Parameters are local variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
- D . Parameters are global variables which means that every command can use these configurable options in order to run. Arguments are specific to only one command.
Email Subject C “You have won a million dollars”
What is the correct query syntax for the above incident search filter?
- A . status==“Pending“ && category!=”job” && severity==”High” && owner==”None” && type==”Phishing” && emailsubject==”You have won a million dollars”
- B . Status:Pending and CCategory:job and Severity:High and Owner:”” and Type:Phishing and Email Subject:You have won a million dollars
- C . status:Pending and Ccategory:job and severity:High and owner:”” and type:Phishing and emailsubject:”You have won a million dollars”
- D . status:Pending or Ccategory:job or severity:High or owner:”” or type:Phishing or emailsubject:”You have won a million dollars”
What is the correct expression to use when filtering only PDF files?
- A . Use File.Extension that does not equal (string comparison) PDF
- B . Use File.Name contains PDF
- C . Use File.Extension contains (general) PDF
- D . Use File.Extension equals (string comparison) PDF
When developing the playbook, which of the following can be used by a XSOAR Administrator?
- A . The Debugger panel to test data with one of last five incidents. This will affect the incident’s original incident data.
- B . Context data from existing incidents by exporting the YAML data from incidents and importing it to playbook editor.
- C . Debugger panel and XML data from a similar incident with New Mock Incident. This will not affect the incidents original incident data.
- D . The Debugger panel to test data with one of last fifty incidents. This will not affect the incident’s original incident data.