DRAG DROP
Match the action with the most appropriate playbook task type.
Select and Place:
DRAG DROP
Match the corresponding action with the appropriate playbook tasks.
Select and Place:
An engineer notices that playbooks only start once the user clicks the `investigate' button and he/she would like the playbook to start automatically. How can this be implemented?
A. Add the playbook to the integration's settings
B. Select `Run playbook automatically' from the incident type settings
C. Add the !startinvestigation automation to the beginning of the playbook
D. Select `Run playbook automatically' from the integration settings
How long is the trial period for paid content packs?
A. 30 days
B. 14 days
C. 7 days
D. 60 days
Which three options can be defined in the layout settings? (Choose three.)
A. Set of fields to present
B. Permission to view the tab based on `Users'
C. Permission to view the tab based on `Roles'
D. Delete built-in tabs including the war room
E. Dynamic sections
An engineer defined a dashboard which allows important metrics to be displayed. The engineer would like to make this dashboard the default dashboard. How can it be accomplished?
A. Default Dashboard can be defined by `Role'
B. Use the server configuration key: default.dashboards
C. Save the dashboard as a widget and apply it to all users
D. Right click on the dashboard tab and `Set as Default'
Incidents need to be filtered by all of the following criteria:
1.
Status – Pending
2.
Exclude Category – Job
3.
Severity – High
4.
Owner – None (No owner assigned)
5.
Type – Phishing
6.
Email Subject – “You have won a million dollars”
What is the correct query syntax for the above incident search filter?
A. status==“Pending“ andand category!=”job” andand severity==”High” andand owner==”None” andand type==”Phishing” andand emailsubject==”You have won a million dollars”
B. Status:Pending and –Category:job and Severity:High and Owner:”” and Type:Phishing and Email Subject:You have won a million dollars
C. status:Pending and –category:job and severity:High and owner:”” and type:Phishing and emailsubject:”You have won a million dollars”
D. status:Pending or –category:job or severity:High or owner:”” or type:Phishing or emailsubject:”You have won a million dollars”
What are two primary uses of standard tasks? (Choose two.)
A. To highlight different paths in a playbook
B. To generate new widgets for a dashboard
C. To create an incident or escalate an existing incident
D. To automate tasks such as parsing a file or enriching indicators
What is the default task type when creating an empty task?
A. Standard (Manual)
B. Conditional
C. Section header
D. Standard (Automated)
An XSOAR Engineer has developed a playbook and would like to contribute it to the XSOAR Marketplace to share with other users.
Which two options are available to the Engineer for contributing to the Marketplace? (Choose two.)
A. Open a ticket with the XSOAR support team
B. Create a pull request directly on Github
C. Contribute through the XSOAR UI
D. Send an email to [email protected]