Given an incident with three files, how could the name of the second file be referenced?
A. ${Files.[2].Name}
B. ${Files.Name.[2]}
C. ${File.[1].Name}
D. ${File.Name.[1]}
Can an automation script execute an integration command and an integration command execute an automation script?
A. An automation script cannot execute an integration command and an integration command cannot execute an automation script
B. An automation script can execute an integration command and an integration command cannot execute an automation script
C. An automation script cannot execute an integration command and an integration command can execute an automation script
D. An automation script can execute an integration command and an integration command can execute an automation script
In which two scenarios would it be appropriate to implement a loop for a sub-playbook? (Choose two.)
A. In repetitive process flows to iterate for each playbook input
B. When continuously ingesting incidents from third-party systems
C. In repetitive process flows with no more than 10 loops
D. In repetitive processes that require sub-playbook re-execution
In order to automatically run a playbook on the indicators fetched by an integration, what would an XSOAR Administrator set up?
A. Cron job
B. Time triggered job
C. Feed triggered job
D. REST API job
What is used to trigger playbooks automatically based on the classification of an incident?
A. Indicator type
B. Incoming mapper
C. Incident types
D. Integration configuration
Threat Intel search queries can be shared with which of the following? (Select 1)
A. Users defined in the platform (email or username)
B. Other organizations via the Marketplace
C. Users outside XSOAR via email invite
D. Roles defined in the platform
What is an example of a generic reputation command?
A. !ip
B. !getReputation
C. !reputation
D. !enrichIndicator
Which two statements describe how timers are configured to start and stop automatically in a playbook? (Choose two.)
A. Use a field of Number to count the number of seconds elapsed between two tasks
B. After the playbook has run, calculate the total time taken and set the timer field with this value
C. To begin counting time taken, add a task in the playbook with automation startTimer. To end the counting, add a task with automation stopTimer
D. From the Timers tab of the playbook task, choose the action for the timer and the timer field to perform the action on
What are inputs and outputs in reference to a Playbook Development Lifecycle? (Choose three.)
A. Inputs are data pieces that are present in the playbook
B. Inputs are data pieces that are present in the task
C. Outputs are used as an incident trigger for a playbook
D. Outputs can be derived from the result of a task or command
E. Inputs are the data fields parsed by the Classifier
By default, which components does an XSOAR implementation include?
A. XSOAR server, XSOAR engine
B. Application server, distributed DB server
C. Application server, distributed DB server, Backup server
D. All in one server
An analyst runs the following command in a playbook task:
!ip ip=1.1.1.1
Which extraction mode needs to be enabled on the Advanced tab of the playbook task to synchronously extract indicators from the results of this command?
A. Synchronous
B. Extract
C. Out of band
D. Inline
Which two functions in XSOAR are incident types used for? (Choose two.)
A. To run dedicated playbooks for different event types
B. To classify events ingested from various sources into the relevant types
C. To classify indicators extracted in XSOAR incidents to their respective types
D. To facilitate role based access to XSOAR incidents