Palo Alto Networks Certified Security Automation Engineer (PCSAE) — Question 77

A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?

Answer options

• A. -status:closed -category:job type:Phishing created:>="30 days ago"
• B. status:closed -category:job & type:Phishing created:>="30 days ago"
• C. -status:closed -category:job & type:Phishing created:<="30 days ago"
• D. -status:closed -category:job type:Phishing created:="30 days ago"

Correct answer: C

Explanation

The correct answer, C, accurately filters out closed incidents and retrieves phishing incidents created within the last 30 days. Options A and B incorrectly include 'status:closed', which would exclude open incidents, while option D improperly uses '=' instead of '>=' or '<=' for the created date filter.