Exam PCSAE
Question 111

A SOC analyst needs to retrieve the list of all open phishing incidents in the last 30 days. What is the correct query to use?

    Correct Answer: A

    To retrieve the list of all open phishing incidents in the last 30 days, the correct query must exclude closed incidents and incidents categorized under job type but include those created in the last 30 days. The query -status:closed -category:job type:Phishing created:>=

Discussion
franko_72 Option: A

Answer is A for my XSOAR

franko_72 Option: A

Not sure if any of these answers are correct. On my XSOAR this query works:

    -status:Closed -category:job and type:Phishing created:>="30 days ago"

Notice the 'and' and not '&', and the >= not <= operators. So, the -status closed means NOT closed, as the - means the opposite. The -category job means anything but jobs, as again the - means 'not'. The greater than or equal to is a weird one; I just created a test phishing incident, so I would have thought all Phishing incidents greater than or equal to 30 days ago.
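The query semantics discussed in the comment above, as an added example that is not part of the original thread and is not XSOAR's own parser: a simplified Python model run over constructed incidents. Assumptions: all terms are ANDed, and only `field:value`, a leading `-`, and `>=`/`<=` with "N days ago" are supported. It shows why `>=` selects the last 30 days: a newer timestamp compares greater than the cutoff.

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed "now" and constructed sample incidents, so the result is reproducible.
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)

def _inc(id_, status, category, type_, age_days):
    return {"id": id_, "status": status, "category": category,
            "type": type_, "created": NOW - timedelta(days=age_days)}

INCIDENTS = [
    _inc(1, "Active", "", "Phishing", 3),     # open, recent: should match
    _inc(2, "Closed", "", "Phishing", 5),     # closed
    _inc(3, "Active", "job", "Phishing", 1),  # created by a job
    _inc(4, "Pending", "", "Phishing", 45),   # open but older than 30 days
    _inc(5, "Active", "", "Malware", 2),      # wrong type
]

# One term: optional "-", field, ":", optional comparison, quoted or bare value.
# The bare word "and" has no colon, so it is skipped (terms are ANDed anyway).
TERM = re.compile(r'(-?)(\w+):(>=|<=)?(?:"([^"]*)"|(\S+))')

def relative_time(text, now=NOW):
    """Convert 'N days ago' into an absolute timestamp."""
    m = re.fullmatch(r"(\d+) days ago", text)
    if m is None:
        raise ValueError(f"unsupported time expression: {text!r}")
    return now - timedelta(days=int(m.group(1)))

def matches(incident, query):
    """True when the incident satisfies every term of the query."""
    for neg, field, op, quoted, bare in TERM.findall(query):
        value = quoted or bare
        if op:  # date comparison against the resolved cutoff
            bound = relative_time(value)
            hit = incident[field] >= bound if op == ">=" else incident[field] <= bound
        else:   # plain field:value equality
            hit = incident[field] == value
        if hit == bool(neg):  # "-" terms must miss, plain terms must hit
            return False
    return True

def search(query):
    return [i["id"] for i in INCIDENTS if matches(i, query)]

QUERY = '-status:Closed -category:job and type:Phishing created:>="30 days ago"'
if __name__ == "__main__":
    print(search(QUERY))                      # [1]
    print(search(QUERY.replace(">=", "<=")))  # [4]
```

With `<=` the same filter returns only the 45-day-old incident, which is the opposite of "the last 30 days".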

piipo Option: A

A is correct