Palo Alto Networks PCSAE Exam - Topic 1 Question 22 Discussion

Actual exam question for Palo Alto Networks's PCSAE exam

Question #: 22
Topic #: 1

Multiple company assets were reported by vulnerability scanners as being vulnerable to CVE-2017-11882. This vulnerability affects applications installed on workstations. The SOC team needs to take action and apply the new vulnerability patch that was just released. The team must first create a cause for each of the identified assets in ServiceNow IT Service Management (ITSM), in order to notify the IT department. Next, the team creates a task in the main playbook, which extracts the list of assets from the scanner report.

After the list of assets are created, what are the two solutions that the SOC team could take so that a case could be created and a patch installed? (Choose two.)

ACreate a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Condition: AreValuesEqual -- Exit on yes -- left:1, right 1) and perform the following tasks:
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

BCreate a sub-playbook with a single input containing the computer names that will loop 'For Each Input' and perform the following tasks:
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

CSet a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator contains the count of the number of items in the list) and perform the following tasks:
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

DSet a key for storing the iteration number and create a sub-playbook with a single input containing the computer names that will loop until the last item from the asset list (Exit condition: iterator equal to count of the number of item in the list) and perform the following tasks:
- Increase the iterator value by one each time
- Active Directory User Enrichment based on the computerName
- Create the ServiceNow Record by adding the enrichment information
- Mark the ticket severity as Urgent

Show Suggested Answer

Suggested Answer: B, D

by Lynelle at May 08, 2022, 02:13 AM

Limited Time Offer

25%

5 months ago

I remember something about those EEM scripts needing a specific event to detect changes, but I'm not totally sure which one it is.

upvoted 0 times

...