In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)

In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)A . In repetitive process flows to iterate for each playbook inputB . When continuously ingesting incidents from third-party systemsC . In repetitive process flows with no more than 10 loopsD . In repetitive...

February 5, 2024 No Comments READ MORE +

Which method accesses a field called ‘User Mail’ in a playbook?

Which method accesses a field called ‘User Mail’ in a playbook?A . ${incident.usermail} B. ${incident.User Mail} C. ${incident.UserMail} D. ${usermail}View AnswerAnswer: A

June 1, 2023 No Comments READ MORE +

What is the default configuration for indicator auto-extraction when incidents are created?

What is the default configuration for indicator auto-extraction when incidents are created?A . Inline B. Inband C. None D. Out of bandView AnswerAnswer: A

May 31, 2023 No Comments READ MORE +

How would context data be filtered to receive only malicious indicator values with DBotScore?

How would context data be filtered to receive only malicious indicator values with DBotScore?A . Get DBotScore.value where DBotScore.Score (Larger or equals) 4 B. Get DBotScore.value where DBotScore.Score (equals (int)) 3 C. Get DBotScore where DBotScore.Score (Larger than) 1 D. Get DBotScore where DBotScore.Score (Larger or equals) 2View AnswerAnswer: B...

May 31, 2023 No Comments READ MORE +

Which of the following are valid methods to contribute custom content? (Choose three.)

Which of the following are valid methods to contribute custom content? (Choose three.)A . Submit content directly through feature requests B. Private GitHub repository submission for premium content C. A Github pull request on the public XSOAR Content Repository D. Using the marketplace interface to upload the content E. Using...

May 31, 2023 No Comments READ MORE +

Match the operations with the appropriate context

DRAG DROP Match the operations with the appropriate context. View AnswerAnswer:

May 30, 2023 No Comments READ MORE +

How can the field be accessed?

An incident field is created having the display name as Source_IP. How can the field be accessed?A . ${incident.sourceip} B. ${incident.Source_IP} C. ${incident.srcip} D. ${incident.Source IP}View AnswerAnswer: C

May 30, 2023 No Comments READ MORE +

How long is the trial period for paid content packs?

How long is the trial period for paid content packs?A . 30 days B. 14 days C. 7 days D. 60 daysView AnswerAnswer: A Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-admin/marketplace/marketplace-subscriptions.html

May 30, 2023 No Comments READ MORE +

Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?

Which tag must be applied to an Automation Script in order for it to be available when configuring an Indicator Type?A . reputation-script B. enrich C. reputationScript D. reputationView AnswerAnswer: C

May 30, 2023 No Comments READ MORE +

Which two components have their own context data? (Choose two.)

Which two components have their own context data? (Choose two.)A . Sub-playbook B. Task C. Field D. IncidentView AnswerAnswer: A,D

May 30, 2023 No Comments READ MORE +