Exam PCSAE topic 1 question 46 discussion

Actual exam question from Palo Alto Networks's PCSAE
Question #: 46
Topic #: 1

An engineer's organization system is registered in the following manner: <SiteName-SystemID-Username>. The engineer created a new indicator type for detecting systems using regex. The engineer would now like the username to be created as a separate 'User' indicator automatically once a system is found.
What is the most efficient way for the engineer to achieve this?

  • A. Create a custom indicator field named 'username' and link it to the internal system indicator
  • B. Change the reputation command for the internal system indicator type
  • C. Create a new indicator type of the internal username and set a formatting script to extract only the username
  • D. Create a new indicator type of the internal username and have the regex included on any string that has dash at the beginning
Suggested Answer: B
Reference:
https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-0/cortex-xsoar-threat-intel-management-guide/manage-indicators/understand-indicators/indicator-types/indicator-type-profile

Comments

randomnametester
Highly Voted 2 years, 3 months ago
C is the best answer. The system message does not start with a dash, so it will not come up in the regex of D.
upvoted 8 times
piipo
Most Recent 4 months, 1 week ago
Selected Answer: C
C is Correct
upvoted 1 times
rmurugan
2 years, 9 months ago
D seems the best answer
upvoted 3 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other