Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Palo Alto Networks XSOAR-Engineer Exam - Topic 3 Question 1 Discussion

Actual exam question for Palo Alto Networks's XSOAR-Engineer exam
Question #: 1
Topic #: 3
[All XSOAR-Engineer Questions]

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Jeffrey at Dec 20, 2025, 02:37 PM

Limited Time Offer

25%

Off

Get Premium XSOAR-Engineer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Chaya
3 days ago
Wait, is "sourcetimestamp" even a valid field?
upvoted 0 times
...
Dalene
9 days ago
I agree with D, seems to fit the criteria.
upvoted 0 times
...
Paulina
14 days ago
Definitely not A, that syntax looks off.
upvoted 0 times
...
Corrinne
19 days ago
I think option D is the right one.
upvoted 0 times
...
Zona
24 days ago
Option D is the way to go. Using the greater than or equal to operator for the timestamp is the most logical choice here.
upvoted 0 times
...
Deonna
29 days ago
Haha, this question is a real brain-teaser! I'm going to have to go with option A just to see what happens. You never know, it might work!
upvoted 0 times
...
Teresita
2 months ago
Hmm, I'm not sure about that. Shouldn't we be using the "sourcetimestamp" field instead of just "timestamp"? I'd go with option D.
upvoted 0 times
...
Claribel
2 months ago
Option B looks good to me. Using the "verdict:Malicious" criteria seems more appropriate than "reputation:Malicious".
upvoted 0 times
...
Bambi
2 months ago
I think option D is the correct one. The query should use the greater than or equal to operator to retrieve all malicious hashes over the last 30 days.
upvoted 0 times
...
Horace
2 months ago
I want to say it's option D because it mentions "verdict" and uses the right date format, but I need to double-check my notes on that.
upvoted 0 times
...
Magdalene
2 months ago
I'm a bit confused about the difference between "reputation" and "verdict." I feel like I might have seen "verdict" used more often in examples.
upvoted 0 times
...
Georgeanna
3 months ago
I remember practicing a similar question, and I think the correct operator for the date should be ">=" to include the last 30 days.
upvoted 0 times
...
Trinidad
3 months ago
I think the query should focus on the "verdict" rather than "reputation," but I'm not entirely sure which timestamp format to use.
upvoted 0 times
...
Glenn
3 months ago
I'm a bit unsure about this one. I think I need to double-check the syntax for the timestamp filter to make sure I'm using the right operator and format.
upvoted 0 times
...
An
3 months ago
I'm pretty confident that D is the correct answer. The "verdict:Malicious" part clearly indicates we're looking for hashes that have been marked as malicious, and the ">=" operator on the timestamp will give us all the hashes from the last 30 days.
upvoted 0 times
...
Brigette
3 months ago
Option B seems like it could work, but I'm not sure if the "<=" operator is the correct one to use for the timestamp. Shouldn't it be ">=" to get all the hashes from the last 30 days?
upvoted 0 times
...
Stevie
3 months ago
Hmm, I'm a bit confused about the difference between "reputation" and "verdict" in the options. Do they mean the same thing in this context?
upvoted 0 times
...
Hannah
4 months ago
I think it's A. Seems straightforward.
upvoted 0 times
...
Tasia
4 months ago
I think option D looks right, since we want to get all the malicious hashes over the last 30 days, and that query checks for a timestamp greater than or equal to 30 days ago.
upvoted 0 times
Dewitt
4 months ago
I disagree, I think option A is more accurate.
upvoted 0 times
...
...

Save Cancel