Exam Details

  • Exam Code: PCDRA
  • Exam Name: Palo Alto Networks Certified Detection and Remediation Analyst
  • Certification: Palo Alto Networks Certification
  • Vendor: Palo Alto Networks
  • Total Questions: 91 Q&As
  • Last Updated: May 11, 2024

Palo Alto Networks Palo Alto Networks Certification PCDRA Questions & Answers

  • Question 21:

    Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CK™ techniques.

    A. Exfiltration, Command and Control, Collection

    B. Exfiltration, Command and Control, Privilege Escalation

    C. Exfiltration, Command and Control, Impact

    D. Exfiltration, Command and Control, Lateral Movement

  • Question 22:

    When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

    A. Assign incidents to an analyst in bulk.

    B. Change the status of multiple incidents.

    C. Investigate several Incidents at once.

    D. Delete the selected Incidents.

  • Question 23:

    A file is identified as malware by the Local Analysis module, whereas the WildFire verdict is Benign. Assuming WildFire is accurate, which statement is correct for the incident?

    A. It is a true positive.

    B. It is a false positive.

    C. It is a false negative.

    D. It is a true negative.

  • Question 24:

    What is the outcome of creating and implementing an alert exclusion?

    A. The Cortex XDR agent will allow the process that was blocked to run on the endpoint.

    B. The Cortex XDR console will hide those alerts.

    C. The Cortex XDR agent will not create an alert for this event in the future.

    D. The Cortex XDR console will delete those alerts and block ingestion of them in the future.

  • Question 25:

    Which statement is true for Application Exploits and Kernel Exploits?

    A. The ultimate goal of any exploit is to reach the application.

    B. Kernel exploits are easier to prevent than application exploits.

    C. The ultimate goal of any exploit is to reach the kernel.

    D. Application exploits leverage kernel vulnerability.

  • Question 26:

    To create a BIOC rule with an XQL query, you must at a minimum filter on which field in order for it to be a valid BIOC rule?

    A. causality_chain

    B. endpoint_name

    C. threat_event

    D. event_type

  • Question 27:

    Which of the following is an example of a successful exploit?

    A. connecting unknown media to an endpoint that copied malware due to Autorun.

    B. a user executing code which takes advantage of a vulnerability on a local service.

    C. identifying vulnerable services on a server.

    D. executing a process executable for well-known and signed software.

  • Question 28:

    Which of the following represents the correct relation of alerts to incidents?

    A. Only alerts with the same host are grouped together into one Incident in a given time frame.

    B. Alerts that occur within a three-hour time frame are grouped together into one Incident.

    C. Alerts with the same causality chains that occur within a given time frame are grouped together into an Incident.

    D. Every alert creates a new Incident.

  • Question 29:

    Which license is required when deploying Cortex XDR agent on Kubernetes Clusters as a DaemonSet?

    A. Cortex XDR Pro per TB

    B. Host Insights

    C. Cortex XDR Pro per Endpoint

    D. Cortex XDR Cloud per Host

  • Question 30:

    What kind of threat typically encrypts user files?

    A. ransomware

    B. SQL injection attacks

    C. Zero-day exploits

    D. supply-chain attacks
