
Palo Alto Networks XSOAR-Engineer Exam - Topic 3 Question 1 Discussion

You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?
A) type:File reputation:Malicious sourcetimestamp:'30 days ago'
B) type:File verdict:Malicious sourcetimestamp:<='30 days ago'
C) type:File reputation:Malicious sourcetimestamp:='30 days ago'
D) type:File verdict:Malicious sourcetimestamp:>='30 days ago'

Actual exam question for Palo Alto Networks's XSOAR-Engineer exam
Question #: 1
Topic #: 3
Suggested Answer: A

Contribute your Thoughts:

Sue
1 month ago
I feel B is the safest choice. Clear and precise.
upvoted 0 times
Jess
2 months ago
C is confusing. Not sure about the "=" sign.
upvoted 0 times
Kattie
2 months ago
A is too vague for me. I like D's clarity.
upvoted 0 times
Gilbert
2 months ago
B looks good too. "verdict" is important.
upvoted 0 times
Lenna
2 months ago
I prefer D. It covers the last 30 days well.
upvoted 0 times
Talia
2 months ago
C looks interesting, but I’m not sure about the syntax.
upvoted 0 times
Chaya
2 months ago
Wait, is "sourcetimestamp" even a valid field?
upvoted 0 times
Dalene
3 months ago
I agree with D, seems to fit the criteria.
upvoted 0 times
Paulina
3 months ago
Definitely not A, that syntax looks off.
upvoted 0 times
Corrinne
3 months ago
I think option D is the right one.
upvoted 0 times
Zona
3 months ago
Option D is the way to go. Using the greater than or equal to operator for the timestamp is the most logical choice here.
upvoted 0 times
Deonna
3 months ago
Haha, this question is a real brain-teaser! I'm going to have to go with option A just to see what happens. You never know, it might work!
upvoted 0 times
Teresita
4 months ago
Hmm, I'm not sure about that. Shouldn't we be using the "sourcetimestamp" field instead of just "timestamp"? I'd go with option D.
upvoted 0 times
Claribel
4 months ago
Option B looks good to me. Using the "verdict:Malicious" criteria seems more appropriate than "reputation:Malicious".
upvoted 0 times
Bambi
4 months ago
I think option D is the correct one. The query should use the greater than or equal to operator to retrieve all malicious hashes over the last 30 days.
upvoted 0 times
Horace
5 months ago
I want to say it's option D because it mentions "verdict" and uses the right date format, but I need to double-check my notes on that.
upvoted 0 times
Magdalene
5 months ago
I'm a bit confused about the difference between "reputation" and "verdict." I feel like I might have seen "verdict" used more often in examples.
upvoted 0 times
Georgeanna
5 months ago
I remember practicing a similar question, and I think the correct operator for the date should be ">=" to include the last 30 days.
upvoted 0 times
Trinidad
5 months ago
I think the query should focus on the "verdict" rather than "reputation," but I'm not entirely sure which timestamp format to use.
upvoted 0 times
Glenn
5 months ago
I'm a bit unsure about this one. I think I need to double-check the syntax for the timestamp filter to make sure I'm using the right operator and format.
upvoted 0 times
An
5 months ago
I'm pretty confident that D is the correct answer. The "verdict:Malicious" part clearly indicates we're looking for hashes that have been marked as malicious, and the ">=" operator on the timestamp will give us all the hashes from the last 30 days.
upvoted 0 times
Brigette
6 months ago
Option B seems like it could work, but I'm not sure if the "<=" operator is the correct one to use for the timestamp. Shouldn't it be ">=" to get all the hashes from the last 30 days?
upvoted 0 times
Stevie
6 months ago
Hmm, I'm a bit confused about the difference between "reputation" and "verdict" in the options. Do they mean the same thing in this context?
upvoted 0 times
Hannah
6 months ago
I think it's A. Seems straightforward.
upvoted 0 times
Tasia
6 months ago
I think option D looks right, since we want to get all the malicious hashes over the last 30 days, and that query checks for a timestamp greater than or equal to 30 days ago.
upvoted 0 times
Dewitt
6 months ago
I disagree, I think option A is more accurate.
upvoted 0 times