Palo Alto Networks Certified Security Automation Engineer (PCSAE) — Question 96
You need to retrieve a list of all malicious hashes over the last 30 days. What is the correct query to use?
Answer options
- A. type:File reputation:Malicious sourcetimestamp:"30 days ago"
- B. type:File verdict:Malicious sourcetimestamp:<="30 days ago"
- C. type:File reputation:Malicious sourcetimestamp:="30 days ago"
- D. type:File verdict:Malicious sourcetimestamp:>="30 days ago"
Correct answer: D
Explanation
The correct answer, D, specifies 'type:File verdict:Malicious' and uses 'sourcetimestamp:>="30 days ago"', which matches entries whose source timestamp falls within the last 30 days. Options A and C incorrectly use 'reputation' instead of 'verdict'. Option B uses '<=', which matches timestamps at or before 30 days ago and therefore excludes the most recent 30 days.