A.  

Navigate to SettingsView the configured integrations and select Active Directory AuthenticationDelete all integration instances and add all integration instances again

B.  

Navigate to MarketplaceView the installed content pack and select Active Directory content packSelect version 1.4.6 and click on "Revert to this version"

C.  

Navigate to SettingsView the configured integrations and select Active Directory QueryDelete all integration instances and add all integration instances again

D.  

Navigate to MarketplaceView the installed content pack and select Active Directory content packClick on uninstall content packNavigate to Marketplace browser and reinstall the Active Directory content pack

A.  

Create a custom indicator field named ‘username’ and link it to the internal system indicator

B.  

Change the reputation command for the internal system indicator type

C.  

Create a new indicator type of the internal username and set a formatting script to extract only theusername

D.  

Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning

A.  

Live backup (disaster recovery)

B.  

Distributed database

C.  

Backup data to XSOAR engines

D.  

Local backup

A.  

Mapping.

B.  

Playbook execution.

C.  

Ingestion.

D.  

Classification.

A.  

Active.

B.  

Pending.

C.  

Waiting.

D.  

In-progress.

A.  

Standard (Manual)

B.  

Conditional

C.  

Section header

D.  

Standard (Automated)

A.  

Download content for offline installation

B.  

Uninstall content pack

C.  

Update to x version

D.  

Revert to x version

A.  

F - Reliability cannot be judged, A - Completely Reliable

B.  

F - Not reliable, A - Usually Reliable

C.  

F - Not usually reliable, A - Fairly Reliable

D.  

F - Unreliable, A - Completely Reliable

A.  

When creating incidents from the XSOAR REST API

B.  

When manually creating an incident from the UI

C.  

When adding a new analyst account to XSOAR

D.  

When fetching many different incident types from a single mailbox

A.  

debug-mode.

B.  

auto extract.

C.  

raw-response.

D.  

extend-parent-context.

A.  

Section headers

B.  

Rows

C.  

Canvas

D.  

Cards

A.  

Manually share the dashboard through user emails

B.  

Dashboard is shared to all XSOAR users

C.  

Propagate the dashboard based on SAML authentication

D.  

Dashboard is shared to all XSOAR users in a selected role

A.  

The playbook assigned to the incident type

B.  

The playbook assigned to the indicator type

C.  

The playbook assigned during pre-processing

D.  

The playbook assigned by the integration

A.  

Remote repository based content sharing

B.  

UI based content import/export button

C.  

Copy the content backup from one environment file system (/var/lib/demisto/backup/content- backup-*) and move it to the other environment

D.  

Download the content items separately and upload them to the other environment

A.  

Set of fields to present

B.  

Permission to view the tab based on ‘Users’

C.  

Permission to view the tab based on ‘Roles’

D.  

Delete built-in tabs including the war room

E.  

Dynamic sections

A.  

The commands must return a proper result to the war room for the analysts to understand

B.  

The code may not be written to XSOAR standards

C.  

The integrations are locked and cannot be edited with additional commands

D.  

The custom integration will not be maintained and updated by XSOAR content team

A.  

Edit Queue Handling settings of the job.

B.  

Verify that the "Continue on Error" box is checked in the job.

C.  

Adjust the Role-Based Access Control (RBAC) of the incident type.

D.  

Ensure the last playbook task runs closeInvestigation.

A.  

Tagging the script with Dynamic Section.

B.  

Ensuring the script has the necessary permissions.

C.  

Adding the snippet as an integration command.

D.  

Using a markdown output type.

A.  

To allow multi-QUESTION NO: surveys without authentication restrictions

B.  

To automate tasks such as parsing a file or enriching indicators

C.  

To generate new widgets for a dashboard

D.  

To determine different paths in a playbook

A.  

Layouts override classification and mapping

B.  

New tabs can be added to the incident layout

C.  

Layouts can display incident information and custom fields

D.  

Layouts add or remove custom fields from an incident type

A.  

Indicators and relationships

B.  

Timeline information

C.  

Evidence Board

D.  

Context data

E.  

Incident severity

A.  

Closed incidents are not visible in the debugger.

B.  

Starred incidents are not visible in the debugger.

C.  

The incident type is set incorrectly.

D.  

The incident has been restricted.

A.  

Customer supported

B.  

Contex XSOAR supported

C.  

Community supported

D.  

Partner supported

E.  

Prisma Cloud supported

A.  

Live backup

B.  

Engine

C.  

Distributed database

D.  

Local backup

A.  

10,080 minutes (7 days)

B.  

20,160 minutes (14 days)

C.  

21,600 minutes (15 days)

D.  

4,320 minutes (3 days)

A.  

Define the Incident Fetch Interval when running the integration’s commands.

B.  

Duplicate the integration. Edit the resulting copy and add incidentFetchInterval as a parameter. Save the integration. Configure the new integration instance with the interval required.

C.  

Configure the application to send incidents on the required interval.

D.  

Duplicate the integration. Add the interval in the code. Save the integration and Configure the new integration instance with the interval required.

A.  

setIncident

B.  

Set

C.  

GetFieldsByIncidentType

D.  

modifyIncidentFields

A.  

Marketplace.

B.  

Content Repository page.

C.  

Custom integration instances.

D.  

"Export all custom content" feature.

A.  

Run an automation script in the Playground to remove usernames from the incident.

B.  

Create a pre-processing rule that runs an automation script to remove usernames from the incident as it comes into XSOAR.

C.  

Run an automation script on the XSOAR server to remove usernames from the incident.

D.  

Create a playbook task to remove the usernames from the incident.

A.  

XSOAR D2 Agents, to send the required emails.

B.  

An XSOAR engine that is downloaded from the XSOAR server and installed within the subsidiary.

C.  

Another XSOAR server that uses the same license as their primary XSOAR server.

D.  

A Linux server connected with an XSOAR server using SSH integration. Commands can be run remotely to access the mail server.

A.  

Incident Summary View

B.  

My Incidents

C.  

My Threat Landscape

D.  

My Dashboard

A.  

Indicator Reputation from the feed is set to "Malicious.".

B.  

Source Reliability needs to be increased to "A - Completely reliable.".

C.  

The Indicator Expiration Method needs to be set to "Never Expire.".

D.  

The Traffic Light Protocol Color is empty.

A.  

Mark ignore output = true

B.  

Use extend-context

C.  

Use raw-response = save

D.  

Mark ignore input = true

A.  

Share the dashboard in Read and Edit mode for senior analysts.

B.  

Share the dashboard in ReadandEdit mode for senior analysts and Read Only for juniors analysts.

C.  

Share the dashboard in Read and Write mode for senior analysts.

D.  

Share the dashboard in Read Only mode for junior analysts and senior analysts.

A.  

They are used for branching paths in a playbook

B.  

They are used to interact with users through survey functionality

C.  

They are used to determine which incident will be executed

D.  

They are used for sending a specific QUESTION NO: to a person or team

A.  

/var/lib/demisto

B.  

/tmp/log/demisto

C.  

/usr/local/demisto

D.  

/var/log/demisto

A.  

Inline

B.  

Inband

C.  

None

D.  

Out of band

A.  

To track SLA breaches per playbook

B.  

To run a script that executes on SLA assignment

C.  

To automatically alert the analyst on SLA breach

D.  

To count the time between one or more tasks

A.  

Planning > Incident Ingestion > Incident Creation > Mapping and Classification > Pre-processing > Playbook runs > Post-processing

B.  

Planning > Incident Ingestion > Pre-processing > Incident Creation > Mapping and Classification > Playbook runs > Post-processing

C.  

Planning > Incident Ingestion > Pre-processing > Mapping and Classification > Incident Creation > Playbook runs > Post-processing

D.  

Planning > Incident Ingestion > Mapping and Classification > Pre-processing > Incident Creation > Playbook runs > Post-processing

A.  

Available commands

B.  

Permission settings

C.  

Automation version history

D.  

Automation timeout configuration

A.  

30 days

B.  

14 days

C.  

7 days

D.  

60 days

A.  

"Mapping" and "Classification"

B.  

"Time" and "By delta in feed"

C.  

"Cron View" and "Human View"

D.  

"Script Start" and "CLI"

A.  

3000 Incidents

B.  

Incident Field

C.  

Verdict Label

D.  

Incident Type

A.  

Marketplace access

B.  

Application with API

C.  

Private key/Public key integration

D.  

Multitenant deployment

A.  

To loop the sub-playbook over all context values present in the investigation

B.  

To loop the sub-playbook over all incident fields for the given incident

C.  

To loop the sub-playbook over all the fields marked as important

D.  

To loop the sub-playbook over all defined sub-playbook inputs

A.  

XSOAR server, XSOAR engine

B.  

Application server, distributed DB server

C.  

Application server, distributed DB server, Backup server

D.  

All in one server

A.  

Incident ID.

B.  

Entry ID.

C.  

Field ID.

D.  

Note I

D.  

A.  

Relate Incidents.

B.  

Add Child Incidents.

C.  

Join Incidents.

D.  

Merge Incidents.

A.  

Users defined in the platform (email or username)

B.  

Other organizations via the Marketplace

C.  

Users outside XSOAR via email invite

D.  

Roles defined in the platform

A.  

Contains/Includes

B.  

Equals/Matches

C.  

In/In list

D.  

Is defined/Exist

A.  

can run on multiple docker containers

B.  

can be set to run on a scheduled basis in the automation settings

C.  

can be password protected

D.  

can be written in C++

A.  

An automation script cannot execute an integration command and an integration command cannot execute an automation script

B.  

An automation script can execute an integration command and an integration command cannot execute an automation script

C.  

An automation script cannot execute an integration command and an integration command can execute an automation script

D.  

An automation script can execute an integration command and an integration command can execute an automation script

A.  

Playbook

B.  

Classification and mapping

C.  

Incident type

D.  

Pre-processing

A.  

SLA script.

B.  

Post-processing rule.

C.  

Field-change trigger script.

D.  

Server config.

A.  

Use Shell installer and create a custom JSON configuration file.

B.  

Use different docker instances in the machine to install each engine.

C.  

Use Shell installer with "Allow running multiple engines.".

D.  

Create a DEB installer and modify in the JSON configuration.

A.  

Reputation script.

B.  

Enhancement script.

C.  

Integration command.

D.  

Feed-triggered job.

A.  

Verdict provided by the most recently updated source.

B.  

Average verdict score from all sources.

C.  

Verdict provided by the source with the highest reliability score.

D.  

Highest severity verdict from all sources.

A.  

Playbook is marked as complete.

B.  

Commands cannot be executed in the War Room.

C.  

Timers can no longer run.

D.  

Running timers are in a paused state.