When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)
A. Assign incidents to an analyst in bulk.
B. Change the status of multiple incidents.
C. Investigate several Incidents at once.
D. Delete the selected Incidents.
Answer: A,B...
Which statement best describes how Behavioral Threat Protection (BTP) works?
A. BTP injects into known vulnerable processes to detect malicious activity.
B. BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
C. BTP matches EDR data with rules provided by Cortex XDR.
D. BTP uses machine...
After a scan, how does the file quarantine function work on an endpoint?
A. Quarantine takes ownership of the files and folders and prevents execution through access control.
B. Quarantine disables the network adapters and locks down access, preventing any communications with the endpoint.
C. Quarantine removes a specific file from its...
Which built-in dashboard would be the best option for an executive looking for the Mean Time to Resolution (MTTR) metric?
A. Security Manager Dashboard
B. Data Ingestion Dashboard
C. Security Admin Dashboard
D. Incident Management Dashboard
Answer: A
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2021.html
When creating a BIOC rule, which XQL query can be used?
A. dataset = xdr_data | filter event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"
B. dataset = xdr_data | filter event_type = PROCESS and event_sub_type = PROCESS_START and action_process_image_name ~= ".*?.(?:pdf|docx).exe"
C. dataset = xdr_data | filter action_process_image_name ~= ".*?.(?:pdf|docx).exe" |...
What kind of threat typically encrypts user files?
A. ransomware
B. SQL injection attacks
C. Zero-day exploits
D. supply-chain attacks
Answer: A
Explanation: Reference: https://www.proofpoint.com/us/threat-reference/ransomware#:~:text=Ransomware%20is%20a%20type%20of,ransom%20fee%20to%20the%20attacker
When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?
A. Click the three dots on the widget and then choose “Save”; this will link the query to the Widget Library.
B. This isn’t supported; you have to exit...
When using the “File Search and Destroy” feature, which of the following search hash types is supported?
A. SHA256 hash of the file
B. AES256 hash of the file
C. MD5 hash of the file
D. SHA1 hash of the file
Answer: A
Explanation: Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/response-actions/search-file-and-destroy.html
A file is identified as malware by the Local Analysis module whereas the WildFire verdict is Benign. Assuming WildFire is accurate, which statement is correct for the incident?
A. It is a true positive.
B. It is a false positive.
C. It is a false negative.
D. It is a true negative.
Answer:...
If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?
A. Broker VM Pathfinder
B. Local Agent Proxy
C. Local Agent Installer and Content Caching
D. Broker VM Syslog Collector
Answer:...