PCSAE Palo Alto Networks Certified Security Automation Engineer Questions and Answers

To track SLA breaches per playbook

To run a script that executes on SLA assignment

To automatically alert the analyst on SLA breach

To count the time between one or more tasks

Store incident information in JSON format

Store incident information in XML format

Pass data between playbook tasks

Pass data between to-do tasks

setIncident

Set

GetFieldsByIncidentType

modifyIncidentFields

Mark ignore output = true

Use extend-context

Use raw-response = save

Mark ignore input = true

The playbook assigned to the incident type

The playbook assigned to the indicator type

The playbook assigned during pre-processing

The playbook assigned by the integration

Pre-processing

Incident creation

Classification

Playbook execution

Share the dashboard in Read and Edit mode for senior analysts.

Share the dashboard in Read & Edit mode for senior analysts and Read Only for juniors analysts.

Share the dashboard in Read and Write mode for senior analysts.

Share the dashboard in Read Only mode for junior analysts and senior analysts.

The audit log

The log bundle

The source code for an integration

The error message returned directly below the button

The playground war room

By default, every 24 hours, the system closes any debugger sessions that have been open for more than 180 minutes.

The session must be stopped during 180 minutes manually by administrator, user will receive notification automatically.

The session will be running till stopped manually by administrator.

By default, the system closes automatically any debugger session that have been open 180 minutes.

Create a new indicator type and disable the built-in IP indicator

Edit the regex of the default IP Indicator

Add a new server configuration key that will overwrite the default regex of the IP indicator

Delete the default IP indicator

Context, file, error, image

Note, indicator, error, image

Video, file, error, image

Note, file, error, image

Automation

Built-in

Data collection

Conditional

For-each

!incidentSet description="Confirmed Phishing"

/incidentSet description=Confirmed Phishing

!setIncident description="Confirmed Phishing"

/setIncident description=Confirmed Phishing

To loop the sub-playbook over all context values present in the investigation

To loop the sub-playbook over all incident fields for the given incident

To loop the sub-playbook over all the fields marked as important

To loop the sub-playbook over all defined sub-playbook inputs

When creating incidents from the XSOAR REST API

When manually creating an incident from the UI

When adding a new analyst account to XSOAR

When fetching many different incident types from a single mailbox

Populate the custom indicator field with the built-in !SetIndicator command.

Add HTML to a list using !setList and use it as an HTML template to populate the custom indicator field.

Create a custom Indicator Mapper and populate the custom indicator field.

Use the Mapping option in the playbook task that generates the HTML report to populate the custom indicator field.

The Debugger panel to test data with one of last five incidents. This will affect the incident’s original incident data.

Context data from existing incidents by exporting the YAML data from incidents and importing it to playbook editor.

Debugger panel and XML data from a similar incident with New Mock Incident. This will not affect the incidents original incident data.

The Debugger panel to test data with one of last fifty incidents. This will not affect the incident’s original incident data.

Download content for offline installation

Uninstall content pack

Update to x version

Revert to x version

Default Dashboard can be defined by ‘Role’

Use the server configuration key: default.dashboards

Save the dashboard as a widget and apply it to all users

Right click on the dashboard tab and ‘Set as Default’