Palo Alto Networks Certified Security Automation Engineer (PCSAE) Certification
Format: Multiple choice
Duration: 90 Minutes
Minimum required score to pass: 70%
Language: English
Do you want to guarantee that you pass the Palo Alto Networks Certified Security Automation Engineer (PCSAE) Certification?
Do you want to guarantee that you pass the Palo Alto Networks Certified Security Automation Engineer (PCSAE) Certification without the need for training classes and studying dumps and questions?
We HELP you PASS Palo Alto Networks Certified Security Automation Engineer (PCSAE) Certification, without exam and training!
***Pay after you Pass***
Palo Alto Networks Certified Security Automation Engineer (PCSAE) Certification details
The Palo Alto Networks Security Automation Engineer (PCSAE) certification is designed to validate the knowledge and skills required to develop, analyze, and administer the Palo Alto Networks Cortex XSOAR platform with native threat intelligence management.
Audience and Qualifications
Target Audience
This certification is designed for anyone interested in demonstrating knowledge, skills, and abilities using Palo Alto Networks Cortex XSOAR functionality, including customers, partners, system engineers, analysts, and administrators.
Blueprint
The blueprint table lists the domains covered and includes domain weighting. The percentage weights represent the portion of the exam score that is attributed to each domain. Many candidates find the table provides focus for studies during exam preparation. Also included in the blueprint table are the more specific tasks associated with each domain. Pay particular attention to these tasks, as they provide more targeted areas of study within the domains.
1. Playbook Development    27%
- 1.1 Reference and manipulate context data to manage automation workflow
- 1.2 Summarize inputs, outputs, and results for playbook tasks
- 1.3 Configure inputs and outputs for subplaybook tasks
- 1.4 Enable and configure looping on a subplaybook
- 1.5 Differentiate among playbook task types
- 1.5.1 Manual
- 1.5.2 Automated
- 1.5.3 Conditional
- 1.5.4 Data collection
- 1.5.5 Subplaybook
- 1.6 Apply Filters and transformers to manipulate data
- 1.7 Apply the playbook debugger to aid in developing playbooks
2. Incident Objects     13%
- 2.1 Configure incident types
- 2.2 Identify the role of an incident type within the incident lifecycle
- 2.3 Configure an incident layout
- 2.3.1 Fields and buttons
- 2.3.2 Tabs
- 2.3.3 New/Edit and Close Forms
- 2.4 Summarize the function, capabilities, and purpose of incident fields
- 2.5 Configure classifiers and mappers
3. Automations, Integrations, and Related Concepts     18%
- 3.1 Define the capabilities of automation across XSOAR functions
- 3.1.1 Playbook tasks
- 3.1.2 War room
- 3.1.3 Layouts (dynamic sections, buttons)
- 3.1.4 Jobs
- 3.1.5 Field trigger scripts
- 3.1.6 Pre/post-processing
- 3.2 Differentiate between automations, commands, and scripts
- 3.3 Interpret and modify automation scripts
- 3.3.1 Script helper
- 3.3.2 Script settings
- 3.3.3 Language types
- 3.3.4 Script text
- 3.4 Identify the properties and capabilities of the XSOAR framework for integration
- 3.5 Configure and manage integration instances
4. Content Management and Solution Architecture    17%
- 4.1 Apply marketplace concepts for the management of content
- 4.1.1 Searching in marketplace
- 4.1.2 Installation and updates
- 4.1.3 Dependencies
- 4.1.4 Version history
- 4.1.5 Partner supported versus XSOAR supported
- 4.1.6 Submitting content to the marketplace
- 4.2 Apply general content customization and management concepts
- 4.2.1 Custom versus system content
- 4.2.2 Duplicating content
- 4.2.3 Importing/exporting custom content
- 4.2.4 Version control
- 4.3 Manage local changes in a remote repository (dev-prod) configuration
- 4.4 Describe the components of the XSOAR system architecture
- 4.4.1 System hardware requirements
- 4.4.2 Remote repositories (dev-prod)
- 4.4.3 Engines
- 4.4.4 Multitenancy
- 4.4.5 Elasticsearch/HA
- 4.4.6 Docker
- 4.5 Describe the incident lifecycle within XSOAR
- 4.6 Define the capabilities of RBAC
- 4.6.1 Page access
- 4.6.2 Integration permissions
- 4.6.3 Incident tabs (layout specification)
- 4.6.4 Automation permissions
- 4.6.5 Incident viewing permissions by role
- 4.7 Identify the troubleshooting tools available to obtain more diagnostic information
- 4.7.1 Log bundles
- 4.7.2 Integration testing
- 4.8 Identify options available for performance tuning
- 4.8.1 Ignore output
- 4.8.2 Quiet mode
- 4.9 Monitor system health using the System Diagnostics page
5. UI Workflow, Dashboards, and Reports     13%
- 5.1 Identify methods for querying data
- 5.1.1 Indicators
- 5.1.2 Incidents
- 5.1.3 Dashboards
- 5.1.4 Global search
- 5.2 Summarize the workflow elements used during an investigation
- 5.2.1 Layouts
- 5.2.2 War Room
- 5.2.3 Work Plan
- 5.2.4 Evidence Board
- 5.2.5 Actions menu
- 5.3 Interact with layouts for incident management
- 5.3.1 Sections
- 5.3.2 Fields
- 5.3.3 Buttons
- 5.4 Summarize tools used for managing incidents
- 5.4.1 Bulk incident actions
- 5.4.2 Table view versus summary view
- 5.4.3 Table settings
- 5.5 Identify the capabilities of existing dashboards and reports
- 5.6 Summarize what information can be created, edited, or shared within dashboards and reports
- 5.7 Summarize the capabilities of widget builder
6. Threat Intel Management     12%
- 6.1 Identify the parameters available for configuring indicator objects
- 6.1.1 Layouts and types
- 6.1.2 Fields
- 6.1.3 Reputation scripts and commands
- 6.1.4 Expiration
- 6.2 Generate threat intel reports
- 6.3 Describe the features of the Threat Intel page
- 6.3.1 Unit 42 intel feature
- 6.3.2 XSOAR indicators
- 6.3.3 Export/import capabilities
- 6.4 Configure threat intel feed integrations
- 6.5 Identify the options available to auto extract
- 6.5.1 Exclusion list
- 6.5.2 Playbook auto extract
- 6.5.3 Regex for auto extract
- 6.5.4 System defaults
- 6.5.5 Extraction settings for incident types