An administrator has noticed that an incident fetch has failed, causing several internal workflows to be backed up. The administrator would like to receive notifications the next time the incident fetch fails.

How can they achieve this?

A.

Create a custom playbook that sends an email each time the fetch fails.

B.

Create a new integration that monitors the incident fetch and sends an email if the fetch fails.

C.

Schedule a job that runs and monitors incidents in XSOAR that will send an email if there are no new incidents.

D.

Add a server config to notify when incident fetch fails.

An administrator has noticed that an integration has failed to fetch incidents. Where would they go to download logs to troubleshoot the error?

A.

Go to the Marketplace > Download the Fix my XSOAR playbook pack > Run the playbook > Download logs from War Room

B.

Settings > About > Troubleshooting > Set Log Level to Debug > Download Logs

C.

Dashboards & Reports > System Health

D.

Settings > About > System Diagnostics

What is the default configuration for indicator auto-extraction when incidents are created?

A.

Inline

B.

Inband

C.

None

D.

Out of band

Which field type should be used to hold more than 60,000 characters of unformatted text?

A.

Short Text

B.

HTML

C.

Long Text

D.

Markdown

An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

A.

Create a custom indicator field named ‘username’ and link it to the internal system indicator

B.

Change the reputation command for the internal system indicator type

C.

Create a new indicator type of the internal username and set a formatting script to extract only the username

D.

Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Which playbook will a job run by default?

A.

The playbook assigned to the incident type

B.

The playbook assigned to the indicator type

C.

The playbook assigned during pre-processing

D.

The playbook assigned by the integration

On the System Diagnostics page, what is the default minimum size for a Work Plan to be considered big?

A.

2MB

B.

3MB

C.

1MB

D.

5MB

An organization has recently acquired another company as its subsidiary. The subsidiary has its infrastructure on AWS cloud as illustrated in the image below:

The organization wants to use the mail server location on the subsidiary's cloud to send emails. Without acquiring additional licenses, which XSOAR component can fulfill the requirement?

A.

XSOAR D2 Agents, to send the required emails.

B.

An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.

C.

Another XSOAR server that uses the same license as their primary XSOAR server.

D.

A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.

You can customize most aspects of the incident layout, including which three of the following? (Choose three.)

A.

Which users have permissions to view the tabs

B.

Which roles have permissions to view the tabs

C.

Which dashboard settings are applied

D.

The information and how it is displayed

E.

Which tabs appear and in which order

How would context data be filtered to receive only malicious indicator values with DBotScore?

A.

Get DBotScore.value where DBotScore.Score (Larger or equals) 4

B.

Get DBotScore.value where DBotScore.Score (equals (int)) 3

C.

Get DBotScore where DBotScore.Score (Larger than) 1

D.

Get DBotScore where DBotScore.Score (Larger or equals) 2