Palo Alto Networks Certified Security Automation Engineer (PCSAE) — Question 79
Incidents need to be filtered by all of the following criteria:
1. Status - Pending
2. Exclude Category - Job
3. Severity - High
4. Owner - None (No owner assigned)
5. Type - Phishing
6. Email Subject - "You have won a million dollars"
What is the correct query syntax for the above incident search filter?
Answer options
- A. status=="Pending" && category!="job" && severity=="High" && owner=="None" && type=="Phishing" && emailsubject=="You have won a million dollars"
- B. Status:Pending and -Category:job and Severity:High and Owner:"" and Type:Phishing and Email Subject:You have won a million dollars
- C. status:Pending and -category:job and severity:High and owner:"" and type:Phishing and emailsubject:"You have won a million dollars"
- D. status:Pending or -category:job or severity:High or owner:"" or type:Phishing or emailsubject:"You have won a million dollars"
Correct answer: C
Explanation
Option C is correct because it uses the proper syntax for filtering incidents by the specified criteria. It applies the correct operators and keeps every required condition, joining them with `and` so that all of them must match. The other options either use incorrect operators or fail to exclude the 'Job' category properly.