Exam Details

  • Exam Code: PCDRA
  • Exam Name: Palo Alto Networks Certified Detection and Remediation Analyst
  • Certification: Palo Alto Networks Certification
  • Vendor: Palo Alto Networks
  • Total Questions: 91 Q&As
  • Last Updated: May 11, 2024

Palo Alto Networks Palo Alto Networks Certification PCDRA Questions & Answers

  • Question 41:

    What is the purpose of targeting software vendors in a supply-chain attack?

    A. to take advantage of a trusted software delivery method.

    B. to steal users' login credentials.

    C. to access source code.

    D. to report Zero-day vulnerabilities.

  • Question 42:

    Which statement is true based on the following Agent Auto Upgrade widget?

    A. There are a total of 689 Up To Date agents.

    B. Agent Auto Upgrade was enabled but not on all endpoints.

    C. Agent Auto Upgrade has not been enabled.

    D. There are more agents in Pending status than In Progress status.

  • Question 43:

    In Windows and macOS you need to prevent the Cortex XDR Agent from blocking execution of a file based on the digital signer. What is one way to add an exception for the signer?

    A. In the Restrictions Profile, add the file name and path to the Executable Files allow list.

    B. Create a new rule exception and use the signer as the characteristic.

    C. Add the signer to the allow list in the malware profile.

    D. Add the signer to the allow list under the action center page.

  • Question 44:

    As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?

    A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.

    B. Enable DLL Protection on all servers but there might be some false positives.

    C. Create IOCs of the malicious files you have found to prevent their execution.

    D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.

  • Question 45:

    Which type of BIOC rule is currently available in Cortex XDR?

    A. Threat Actor

    B. Discovery

    C. Network

    D. Dropper

  • Question 46:

    Which engine, of the following, in Cortex XDR determines the most relevant artifacts in each alert and aggregates all alerts related to an event into an incident?

    A. Sensor Engine

    B. Causality Analysis Engine

    C. Log Stitching Engine

    D. Causality Chain Engine

  • Question 47:

    What does the following output tell us?

    A. There is one low severity incident.

    B. Host shpapy_win10 had the most vulnerabilities.

    C. There is one informational severity alert.

    D. This is an actual output of the Top 10 hosts with the most malware.

  • Question 48:

    In incident-related widgets, how would you filter the display to only show incidents that were "starred"?

    A. Create a custom XQL widget

    B. This is not currently supported

    C. Create a custom report and filter on starred incidents

    D. Click the star in the widget

  • Question 49:

    Where would you view the WildFire report in an incident?

    A. next to relevant Key Artifacts in the incidents details page

    B. under Response --> Action Center

    C. under the gear icon --> Agent Audit Logs

    D. on the HUB page at apps.paloaltonetworks.com

  • Question 50:

    Which type of IOC can you define in Cortex XDR?

    A. destination port

    B. e-mail address

    C. full path

    D. App-ID
