Paloalto Networks PCDRA Palo Alto Networks Certified Detection and Remediation Analyst Online Training
Paloalto Networks PCDRA Online Training
The questions for PCDRA were last updated at Nov 22,2024.
- Exam Code: PCDRA
- Exam Name: Palo Alto Networks Certified Detection and Remediation Analyst
- Certification Provider: Paloalto Networks
- Latest update: Nov 22,2024
Phishing belongs to which of the following MITRE ATT&CK tactics?
- A . Initial Access, Persistence
- B . Persistence, Command and Control
- C . Reconnaissance, Persistence
- D . Reconnaissance, Initial Access
When creating a BIOC rule, which XQL query can be used?
- A . dataset = xdr_data
| filter event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?.(?:pdf|docx).exe" - B . dataset = xdr_data
| filter event_type = PROCESS and
event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?.(?:pdf|docx).exe" - C . dataset = xdr_data
| filter action_process_image_name ~= ".*?.(?:pdf|docx).exe"
| fields action_process_image - D . dataset = xdr_data
| filter event_behavior = true
event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?.(?:pdf|docx).exe"
Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?
- A . Security Manager Dashboard
- B . Data Ingestion Dashboard
- C . Security Admin Dashboard
- D . Incident Management Dashboard
What are two purposes of “Respond to Malicious Causality Chains” in a Cortex XDR Windows Malware profile? (Choose two.)
- A . Automatically close the connections involved in malicious traffic.
- B . Automatically kill the processes involved in malicious activity.
- C . Automatically terminate the threads involved in malicious activity.
- D . Automatically block the IP addresses involved in malicious traffic.
When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?
- A . Click the three dots on the widget and then choose “Save” and this will link the query to the Widget Library.
- B . This isn’t supported, you have to exit the dashboard and go into the Widget Library first to create it.
- C . Click on “Save to Action Center” in the dashboard and you will be prompted to give the query a name and description.
- D . Click on “Save to Widget Library” in the dashboard and you will be prompted to give the query a name and description.
What license would be required for ingesting external logs from various vendors?
- A . Cortex XDR Pro per Endpoint
- B . Cortex XDR Vendor Agnostic Pro
- C . Cortex XDR Pro per TB
- D . Cortex XDR Cloud per Host
An attacker tries to load dynamic libraries on macOS from an unsecure location.
Which Cortex XDR module can prevent this attack?
- A . DDL Security
- B . Hot Patch Protection
- C . Kernel Integrity Monitor (KIM)
- D . Dylib Hijacking
What is the purpose of the Unit 42 team?
- A . Unit 42 is responsible for automation and orchestration of products
- B . Unit 42 is responsible for the configuration optimization of the Cortex XDR server
- C . Unit 42 is responsible for threat research, malware analysis and threat hunting
- D . Unit 42 is responsible for the rapid deployment of Cortex XDR agents
Which Type of IOC can you define in Cortex XDR?
- A . destination port
- B . e-mail address
- C . full path
- D . App-ID
When viewing the incident directly, what is the “assigned to” field value of a new Incident that was just reported to Cortex?
- A . Pending
- B . It is blank
- C . Unassigned
- D . New