Which built-in automation/command cab be used to change an incident’s type?
Which built-in automation/command cab be used to change an incident’s type?A . setIncidentB . SetC . GetFieldsByIncidentTypeD . modifyIncidentFieldsView AnswerAnswer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/incidents/incidents- management/incident-fields/field-trigger-scripts.html
Which two incident search queries are valid? (Choose two.)
Which two incident search queries are valid? (Choose two.)A . created:>=”7 days”B . owner===adminC . role is AnalystD . status:closed Ccategory:jobView AnswerAnswer: A,D Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/5-5/cortex-xsoar-admin/cortex-xsoar-overview/how-to-search-in-cortex-xsoar.html
What is this option used to?
During configuration of the inputs of a sub-playbook in the main playbook, there is an option under the Loop tab called "For Each Input". What is this option used to?A . To loop the sub-playbook over all context values present in the investigationB . To loop the sub-playbook over all...
What do A and F stand for?
Reliability scores in XSOAR range from A through F. What do A and F stand for?A . F - Reliability cannot be judged, A - Completely ReliableB . F - Not reliable, A - Usually ReliableC . F - Not usually reliable, A - Fairly ReliableD . F - Unreliable,...
How is data transferred between playbook tasks?
How is data transferred between playbook tasks?A . Read/Write from context dataB . Over war room resultsC . Input from the indicator pageD . Directly from a previous taskView AnswerAnswer: A
Where can engineers add the post-processing scripts to incidents?
Where can engineers add the post-processing scripts to incidents?A . The post-processing tag must be added to the automationB . Post-processing scripts must be added at the end of playbooksC . Post-processing scripts must be added from the Incident Type editorD . Post-processing scripts must be added from the Post-Process...
How can the field be accessed?
An incident field is created having the display name as Source_IP. How can the field be accessed?A . ${incident.sourceip}B . ${incident.Source_IP}C . ${incident.srcip}D . ${incident.Source IP}View AnswerAnswer: A
What are two common use cases for conditional tasks? (Choose two.)
What are two common use cases for conditional tasks? (Choose two.)A . They are used for branching paths in a playbookB . They are used to interact with users through survey functionalityC . They are used to determine which incident will be executedD . They are used for sending a...
Which two statements accurately describe layouts? (Choose two.)
Which two statements accurately describe layouts? (Choose two.)A . Layouts override classification and mappingB . New tabs can be added to the incident layoutC . Layouts can display incident information and custom fieldsD . Layouts add or remove custom fields from an incident typeView AnswerAnswer: B,C
Match the action with the most appropriate playbook task type
DRAG DROP Match the action with the most appropriate playbook task type. View AnswerAnswer: Explanation: https://www.jaacostan.com/2021/02/palo-alto-cortex-xsoar-playbook-icons.html