XSOAR-Engineer 시험 - Paloalto Networks실제시험문제와 답 - 51문항

Question No : 1

What is the biggest advantage of incident preprocessing compared to postprocessing?

A.It runs before ingestion, preventing unnecessary incidents
B.It integrates with SLA timers
C.It provides dashboard metrics
D.It only applies after closure

정답:
Explanation:
Preprocessing runs before incidents are created, allowing filtering, deduplication, or enrichment. This prevents “noise” from overwhelming SOC analysts. Postprocessing runs only after closure.

Question No : 2

Which two methods can automatically populate lists? (Choose two)

A.Playbooks writing new entries
B.Postprocessing scripts updating values
C.Manual analyst-only input
D.Audit logs

정답:
Explanation:
Playbooks and postprocessing scripts can dynamically update lists (e.g., add new malicious IPs). Manual input works, but automation ensures scalability. Audit logs cannot populate lists.

Question No : 3

Which list type is best for tracking malicious IPs to be blocked in firewalls?

A.Whitelist
B.Blacklist
C.Reference list
D.Static lookup table

정답:
Explanation:
A blacklist is best for malicious IPs/domains. It can be dynamically updated by playbooks to push blocks into security controls (e.g., PAN-OS firewalls).

Question No : 4

When configuring incident types, what ensures consistent workflows across similar cases?

A.Assigning default playbooks and layouts
B.Using manual analyst review only
C.Disabling preprocessing rules
D.Avoiding SLA timers

정답:
Explanation:
Consistency is achieved by linking incident types with playbooks, layouts, and SLAs. This standardizes workflows and reduces analyst decision fatigue.

Question No : 5

Which two are valid outcomes of postprocessing scripts? (Choose two)

A.Generating PDF incident reports
B.Notifying SOC managers about closed cases
C.Changing classifier rules
D.Reassigning RBAC roles

정답:
Explanation:
Postprocessing scripts can generate reports and send notifications upon closure. Classifiers and RBAC are static configurations, not postprocessing outcomes.

Question No : 6

Which element links an external system’s incident type to a specific XSOAR incident type?

A.Classifier
B.Mapper
C.SLA policy
D.Layout configuration

정답:
Explanation:
Classifiers map external system incident categories to XSOAR incident types. Mappers handle field transformations but don’t decide type linkage.

Question No : 7

Which two incident preprocessing actions help avoid duplication? (Choose two)

A.Dropping incidents with same source and ID
B.Normalizing field values before creation
C.Deleting existing integrations
D.Restricting RBAC roles

정답:
Explanation:
Preprocessing can detect duplicates using unique IDs and normalize incoming data (e.g., email casing).
This avoids redundant incidents. RBAC and integration deletion are unrelated.

Question No : 8

Which of the following is a best practice for managing lists?

A.Keep lists static to avoid automation errors
B.Use lists dynamically in playbooks for filtering decisions
C.Limit lists only to incident fields
D.Disable list versioning

정답:
Explanation:
Dynamic list usage in playbooks allows adaptive automation (e.g., skip actions if value is in whitelist).
Keeping lists static reduces flexibility, while versioning ensures rollback.

Question No : 9

Which two functions can lists provide in Cortex XSOAR? (Choose two)

A.Whitelisting or blacklisting values in playbooks
B.Storing reference data for automations
C.Overwriting RBAC permissions
D.Hosting integration logs

정답:
Explanation:
Lists can be used for dynamic whitelists/blacklists (e.g., known safe domains) or as reference data in playbooks/scripts. They do not impact RBAC or logging directly.

Question No : 10

Which incident creation method provides the most flexibility for external automation?

A.Manual creation
B.Email ingestion
C.REST API creation
D.Preprocessing scripts

정답:
Explanation:
The REST API allows external systems to push incidents programmatically, making it the most flexible and scalable method. Email ingestion and manual creation are less efficient.

Question No : 11

Which two SLA-related actions can XSOAR perform automatically? (Choose two)

A.Escalate overdue incidents
B.Trigger notifications on SLA breaches
C.Reboot engines for failed tasks
D.Update Marketplace packs

정답:
Explanation:
XSOAR can escalate overdue incidents (to senior analysts) and send notifications when SLA timers breach. System reboots and pack updates are unrelated to SLAs.

Question No : 12

What is the primary purpose of SLA timers in incident types?

A.To enforce RBAC restrictions
B.To measure time-to-response and resolution
C.To schedule system upgrades
D.To control Marketplace pack updates

정답:
Explanation:
SLAs track metrics like time-to-respond or time-to-resolve, ensuring analysts meet compliance and operational requirements. They are tied to incident workflows, not system maintenance.

Question No : 13

Why is it important to associate layouts with incident types?

A.To enforce authentication policies
B.To display fields and tabs relevant to the incident category
C.To improve server processing speed
D.To reduce number of engines required

정답:
Explanation:
Linking layouts to incident types ensures analysts see relevant fields (e.g., phishing evidence for phishing incidents). This improves usability and investigation efficiency.

Question No : 14

Which element defines the default playbook that runs when a specific incident type is created?

A.Mapper
B.Classifier
C.Incident type configuration
D.SLA policy

정답:
Explanation:
Incident type definitions include the default playbook assignment. Classifiers/mappers decide type mapping, but the playbook binding occurs at the incident type configuration level.

Question No : 15

Which two tasks are suitable for postprocessing scripts? (Choose two)

A.Sending closure updates to ServiceNow
B.Updating custom dashboards
C.Adjusting playbook triggers
D.Changing default layouts

정답:
Explanation:
Postprocessing scripts are typically used for notifying external systems (e.g., ServiceNow, Jira) and updating dashboards/metrics. Layout and playbook changes are design-time, not postprocessing.

Paloalto Networks XSOAR-Engineer 시험