51) When uploading content, which two options could the upload include? (Choose two.)
- A. Indicators
- B. Incidents
- C. Reports
- D. Fields
- A. Indicators
- C. Reports
52) An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard.
How can it be accomplished?
- A. Default Dashboard can be defined by ‘Role’
- B. Use the server configuration key: default.dashboards
- C. Save the dashboard as a widget and apply it to all users
- D. Right click on the dashboard tab and ‘Set as Default’
- A. Default Dashboard can be defined by ‘Role’
53) How would context data be filtered to receive only malicious indicator values with DBotScore?
- A. Get DBotScore.value where DBotScore.Score (Larger or equals) 4
- B. Get DBotScore.value where DBotScore.Score (equals (int)) 3
- C. Get DBotScore where DBotScore.Score (Larger than) 1
- D. Get DBotScore where DBotScore.Score (Larger or equals) 2
- B. Get DBotScore.value where DBotScore.Score (equals (int)) 3
54) Can an automation script execute an integration command and an integration command execute an automation script?
- A. An automation script cannot execute an integration command and an integration command cannot execute an automation script
- B. An automation script can execute an integration command and an integration command cannot execute an automation script
- C. An automation script cannot execute an integration command and an integration command can execute an automation script
- D. An automation script can execute an integration command and an integration command can execute an automation script
- B. An automation script can execute an integration command and an integration command cannot execute an automation script
55) Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)
- A. In the instance settings, enable the fetch incidents parameter and wait for one minute
- B. Create a one task playbook with a fetch-incident command
- C. execute !<integration_instance_name>-fetch</integration_instance_name>
- D. execute !<integration_name>-fetch</integration_name>
- A. In the instance settings, enable the fetch incidents parameter and wait for one minute
- C. execute !<integration_instance_name>-fetch</integration_instance_name>
56
56
57) Incidents need to be filtered by all of the following criteria:
1. Status " Pending
2. Exclude Category ” Job
3. Severity " High
4. Owner ” None (No owner assigned)
5. Type " Phishing
6. Email Subject ” You have won a million dollars
What is the correct query syntax for the above incident search filter?
- A. status==ג€Pendingג€ && category!=ג€jobג€ && severity==ג€Highג€ && owner==ג€Noneג€ && type==ג€Phishingג€ && emailsubject==ג€You have won a million dollars ג €
- B. Status:Pending and ג€”Category:job and Severity:High and Owner:ג€ג€ and Type:Phishing
and Email Subject:You have won a million dollars - C. status:Pending and ג€”category:job and severity:High and owner:ג€ג€ and type:Phishing and emailsubject:ג€You have won a million dollars ג €
- D. status:Pending or ג€”category:job or severity:High or owner:ג€ג€ or type:Phishing or emailsubject:ג€You have won a million dollarsג€
- C. status:Pending and ג€”category:job and severity:High and owner:ג€ג€ and type:Phishing and emailsubject:ג€You have won a million dollars ג €
58) What does Script helper contain?
- A. Available commands
- B. Permission settings
- C. Automation version history
- D. Automation timeout configuration
- A. Available commands
59) When mapping incoming data to incident fields, which statement is correct?
- A. Data that is not mapped is placed under labels
- B. Only text fields are classified
- C. Classification cannot be used if mapping is enabled
- D. Every incoming field must be mapped
- A. Data that is not mapped is placed under labels
60) Which two situations would an engineer consider when configuring classification and mapping for an incident type? (Choose two.)
- A. When creating incidents from the XSOAR REST API
- B. When manually creating an incident from the UI
- C. When adding a new analyst account to XSOAR
- D. When fetching many different incident types from a single mailbox
- A. When creating incidents from the XSOAR REST API
- D. When fetching many different incident types from a single mailbox
61) Which two options may be added when a content pack is being installed? (Choose two.)
- A. Lists
- B. Roles
- C. Other content packs
- D. Indicator layouts
- C. Other content packs
- D. Indicator layouts
62) Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
- A. Python
- B. Perl
- C. Go
- D. JavaScript
- E. Powershell
- A. Python
- D. JavaScript
- E. Powershell
63) What are two primary uses of standard tasks? (Choose two.)
- A. To highlight different paths in a playbook
- B. To generate new widgets for a dashboard
- C. To create an incident or escalate an existing incident
- D. To automate tasks such as parsing a file or enriching indicators
- C. To create an incident or escalate an existing incident
- D. To automate tasks such as parsing a file or enriching indicators
64) An engineer would like to change an incident’s SLA according to the severity field changes. How can the engineer achieve this task?
- A. Use a field trigger script
- B. Use a field display script
- C. Create a job that queries for incident severity changes
- D. Change the SLA manually every time the severity changes
- A. Use a field trigger script
65) What are three different loop types in a playbook? (Choose three.)
* A. Automation
* B. Built-in
* C. Data collection
* D. Conditional
* E. For-each
- A. Automation
- B. Built-in
- E. For-each
66) What are two common use cases for conditional tasks? (Choose two.)
- A. They are used for branching paths in a playbook
- B. They are used to interact with users through survey functionality
- C. They are used to determine which incident will be executed
- D. They are used for sending a specific question to a person or team
- A. They are used for branching paths in a playbook
- D. They are used for sending a specific question to a person or team
67) An engineer wants to customize the regex for the default IP indicator type.
How can this change be implemented?
- A. Create a new indicator type and disable the built-in IP indicator
- B. Edit the regex of the default IP Indicator
- C. Add a new server configuration key that will overwrite the default regex of the IP indicator
- D. Delete the default IP indicator
- A. Create a new indicator type and disable the built-in IP indicator
68) In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)
- A. In repetitive process flows to iterate for each playbook input
- B. When continuously ingesting incidents from third-party systems
- C. In repetitive process flows with no more than 10 loops
- D. In repetitive processes that requires sub-playbook re-execution
- A. In repetitive process flows to iterate for each playbook input
- D. In repetitive processes that requires sub-playbook re-execution
69) Which configuration is a valid distributed database (DB) implementation?
- A. 2 main DBs, 1 application server, 2 node servers
- B. 1 main DB, 1 application server, 3 node servers
- C. 2 application servers, 1 main DB, 1 node server
- D. 1 application server, 2 main DBs, 1 node server
- B. 1 main DB, 1 application server, 3 node servers
70) An engineer would like to add a custom field to the New Job form for a job triggered from a threat intel feed.
How would the engineer implement this?
- A. The new job form changes based on the threat intel feed integration configuration
- B The new job form can be edited from the Indicator Feed incident type editor
- C. The new job form for a threat intel feed job cannot be edited
- D. The new job form can be edited from the threat intel feeds integration settings
- B The new job form can be edited from the Indicator Feed incident type editor
71) An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?
- A. Contains/Includes
- B. Equals/Matches
- C. In/In list
- D. Is defined/Exist
- D. Is defined/Exist
72) What is the difference between labels and fields?
- A. Fields can be used in playbooks and labels cannot
- B. Fields are indexed in the database and labels are not
- C. Labels can be used in queries and fields cannot
- D. Labels are indexed in the database and fields are not
- B. Fields are indexed in the database and labels are not
73) What is the default task type when creating an empty task?
- A. Standard (Manual)
- B. Conditional
- C. Section header
- D. Standard (Automated)
- A. Standard (Manual)
74) Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)
- A. Create content and add it to the standard content by contributing through the Marketplace
- B. Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
- C. Create a support ticket with the custom content for review by the support team
- D. Any custom content will be automatically uploaded to the content repository
- A. Create content and add it to the standard content by contributing through the Marketplace
- B. Use the XSOAR GitHub Contribution Guide to add the contribution to the standard content
