3 Months Free Update
An engineer is developing a playbook that will be run multiple times for testing purposes. What is the recommended first task to be used in the playbook?
Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.
Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
Which three actions can an engineer take on the troubleshooting page? (Choose three.)
What will happen if a playbook debugger is left running for more than 24 hours?
When browsing the Marketplace for new content packs, which details about each pack are you able to view?
You can customize most aspects of the incident layout, including which three of the following? (Choose three.)
In which two ways can data be transferred between playbooks and sub-playbooks? (Choose two.)
Which two solutions are available to scale an overloaded XSOAR environment? (Choose two.)
An administrator has noticed that an integration has failed to fetch incidents. Where would they go to download logs to troubleshoot the error?
For troubleshooting, after a log bundle is created, where do the logs appear on the XSOAR server?
A SOC manager built a dashboard and would like to share the dashboard with other team members. How would the SOC manager create a dashboard that meets this requirement?
When mapping incoming data to incident fields, which statement is correct?
An incident field is created having the display name as Source_IP. How can the field be accessed?
Which of the following is a prerequisite to editing out-of-the-box (OOTB) content?
Given an incident with three files, how could the name of the second file be referenced?
Which two reasons would lead an engineer to create a custom widget? (Choose two.)
Which three types of information are displayed on the incident Quick View? (Choose three.)
An engineer notices that playbooks only start once the user clicks the ‘investigate’ button and he/she would like the playbook to start automatically.
How can this be implemented?
What is used to trigger playbooks automatically based on the classification of an incident?
Where do you navigate to monitor and improve the system performance and resilience for hosts in a multitenant environment?
An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard.
How can it be accomplished?
A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?
Which of the following are valid methods to contribute custom content? (Choose three.)
Which of these would be the most operationally efficient repository for moving XSOAR custom content from a development server to a production environment?
An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:
The organization wants to use the mail server location on the subsidiary's cloud to send emails. Without acquiring additional licenses, which XSOAR component can fulfill the requirement?
Which option is available in XSOAR to create the body of a Threat Intel Report?
Which two methods are used to add new content to the XSOAR Content Repository? (Choose two.)
Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?
Which two options will troubleshoot an integration’s fetch incidents command? (Choose two.)
In which three locations can an engineer try to find information, when troubleshooting a failed integration instance error produced by the test button? (Choose three.)
Which three scripting languages can an engineer use to write XSOAR automations? (Choose three.)
An automation returned an output called: csvReport.
What filter would be used to check if the automation returned results?
Inside the Incidents table view, which actions can be performed on the selected incidents? (Choose two.)