
An engineer’s organization system is registered in the following manner: . The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate ‘User’ indicator automatically once a system is found.

What is the most efficient way for the engineer to achieve this?

A. Create a custom indicator field named ‘username’ and link it to the internal system indicator

B. Change the reputation command for the internal system indicator type

C. Create a new indicator type of the internal username and set a formatting script to extract only the username

D. Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

Which field type should be used to hold more than 60,000 characters of unformatted text?

A. Short Text

B. HTML

C. Long Text

D. Markdown

What is the result of an indicator being marked as expired?

A. It still exists and can be searched.

B. It is immediately deleted from the database.

C. It still exists but is not searchable.

D. It is deleted from the database after seven days.

When browsing the Marketplace for new content packs, which details about each pack are you able to view?

A. The integration’s source code

B. A summary of each version history

C. A test instance for the content pack

D. The source code of each playbook

How would context data be filtered to receive only malicious indicator values with DBotScore?

A. Get DBotScore.value where DBotScore.Score (Larger or equals) 4

B. Get DBotScore.value where DBotScore.Score (equals (int)) 3

C. Get DBotScore where DBotScore.Score (Larger than) 1

D. Get DBotScore where DBotScore.Score (Larger or equals) 2

Threat Intel search queries can be shared with which of the following? (Select 1)

A. Users defined in the platform (email or username)

B. Other organizations via the Marketplace

C. Users outside XSOAR via email invite

D. Roles defined in the platform

Which two capabilities do Automation script settings include? (Choose two.)

A. Define ‘parameters’

B. Correlate to incident types

C. Define ‘outputs’

D. Set password protection

When creating a new tab in the layout, which section cannot be added?

A. Retrieve widget chart based on script

B. Related incidents

C. War room entries picked by entry query

D. Incident team members

Assuming an incident type configuration runs the associated playbook automatically, which pre-process rule action can preserve matching incidents without triggering the playbook?

A. Close.

B. Update.

C. Drop.

D. Link.

An engineer is developing a playbook that will be run multiple times for testing purposes. What is the recommended first task to be used in the playbook?

A. DeleteContext

B. GenerateTest

C. PrintContext

D. SetContext