XSOAR-Engineer : BUNDLE PACK LEARNING TOOLS INCLUDED

Key Exam Details
Focus: Practical & theoretical understanding of Cortex XSOAR for SOC automation.
Format: Multiple-choice questions (MCQs).
Duration: 90 minutes.
Cost: ~
Delivery:
Language: English.

Main Exam Domains & Topics
Planning, Installation, & Maintenance (14%): Authentication, engine deployment, dev/prod management, Marketplace, troubleshooting.
Use Case Planning & Development (22%): Incident/indicator lifecycles, layouts, classifiers, mappers, incident creation, playbook/SLA development.
Playbook Development (30%): Task inputs/outputs, context data, sub-playbooks, filters, transformers, automation scripts (Python/JS).
Incident Interactions & Reporting (16%): War room, dashboards, reports, analyst tasks, MITRE ATT&CK.
System Administration & Integrations (18%): Data ingestion, normalization, API knowledge, system health.

Level: Specialist
Format: Certification
Platform: Security Operations

This certification validates experienced security operations engineers on their knowledge, skills, and abilities in onboarding, deployment, integration, playbook creation and automation scripting, content lifecycle management, and system troubleshooting using Cortex XSOAR in security operations environments.

Target Audience & Skills
Roles: SOC Engineers, XSOAR Specialists, Automation Engineers, Security Architects.
Skills: Incident response, scripting (Python/JS), JSON, REST APIs, SIEM/EDR/Threat Intel integration, data transformation.

This certification is designed for security operations engineers, security engineers, XSOAR specialists, SOC engineers, automation engineers, playbook developers, security architects, and support engineers responsible for deploying, configuring, integrating, managing, and troubleshooting Cortex XSOAR environments.

Description Certification Objectives
This certification validates experienced security operations engineers on their knowledge, skills, and abilities in onboarding, deployment, integration, playbook creation and automation scripting, content lifecycle management, and system troubleshooting using Cortex XSOAR in security operations environments.

Standard
With standard delivery you will receive two emails within 3-4 hours of your purchase. The first email will be an order confirmation, and the second will include your voucher and registration information. Make sure to check your spam and junk folders.

All exam vouchers expire twelve (12) months after the date of purchase. You must schedule and take the applicable exam within twelve (12) months of purchase.

Sample Question and Answer

QUESTION 1
Which two advanced attributes can be applied to incident fields when editing? (Choose two.)

A. Set a field trigger script
B. Associate to an incident type
C. Change field type
D. Change field name

Answer: AB

QUESTION 2
Given an incident with three files, how could the name of the second file be referenced?

A. ${Files.[2].Name}
B. ${Files.Name.[2]}
C. ${File.[1].Name}
D. ${File.Name.[1]}

Answer: D

QUESTION 3
Which component can be part of a load balancing group?

A. Distributed database
B. D2 agent
C. Engine
D. Load balancing server

Answer: C

QUESTION 4
Which method accesses a field called ‘User Mail in a playbook?

A. ${incident.usermail}
B. ${incident.User Mail}
C. ${incident.UserMail}
D. ${usermail}

Answer: A

QUESTION 5
A SOC manager built a dashboard and would like to share the dashboard with other team members.
How would the SOC manager create a dashboard that meets this requirement?

A. Manually share the dashboard through user emails
B. Dashboard is shared to all XSOAR users
C. Propagate the dashboard based on SAML authentication
D. Dashboard is shared to all XSOAR users in a selected role

Answer: D