Paloalto Networks PCDRA Palo Alto Networks Certified Detection and Remediation Analyst Exam Practice Test

Page: 1 / 9
Total 91 questions

Palo Alto Networks Certified Detection and Remediation Analyst Questions and Answers

Question 1

When creating a custom XQL query in a dashboard, how would a user save that XQL query to the Widget Library?

Options:

A. Click the three dots on the widget and then choose “Save”; this will link the query to the Widget Library.

B. This isn’t supported; you have to exit the dashboard and go into the Widget Library first to create it.

C. Click on “Save to Action Center” in the dashboard and you will be prompted to give the query a name and description.

D. Click on “Save to Widget Library” in the dashboard and you will be prompted to give the query a name and description.

Question 2

With a Cortex XDR Prevent license, which objects are considered to be sensors?

Options:

A. Syslog servers

B. Third-party security devices

C. Cortex XDR agents

D. Palo Alto Networks Next-Generation Firewalls

Question 3

Which built-in dashboard would be the best option for an executive, if they were looking for the Mean Time to Resolution (MTTR) metric?

Options:

A. Security Manager Dashboard

B. Data Ingestion Dashboard

C. Security Admin Dashboard

D. Incident Management Dashboard

Question 4

Where can SHA256 hash values be used in Cortex XDR Malware Protection Profiles?

Options:

A. In the macOS Malware Protection Profile to indicate allowed signers

B. In the Linux Malware Protection Profile to indicate allowed Java libraries

C. SHA256 hashes cannot be used in Cortex XDR Malware Protection Profiles

D. In the Windows Malware Protection Profile to indicate allowed executables

Question 5

As a Malware Analyst working with Cortex XDR, you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR, you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?

Options:

A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.

B. Enable DLL Protection on all servers, but there might be some false positives.

C. Create IOCs of the malicious files you have found to prevent their execution.

D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.

Question 6

When investigating security events, which feature in Cortex XDR is useful for reverting the changes on the endpoint?

Options:

A. Remediation Automation

B. Machine Remediation

C. Automatic Remediation

D. Remediation Suggestions

Question 7

What is the purpose of the Unit 42 team?

Options:

A. Unit 42 is responsible for automation and orchestration of products

B. Unit 42 is responsible for the configuration optimization of the Cortex XDR server

C. Unit 42 is responsible for threat research, malware analysis and threat hunting

D. Unit 42 is responsible for the rapid deployment of Cortex XDR agents

Question 8

What is the standard installation disk space recommended to install a Broker VM?

Options:

A. 1GB disk space

B. 2GB disk space

C. 512GB disk space

D. 256GB disk space

Question 9

What functionality of the Broker VM would you use to ingest third-party firewall logs to the Cortex Data Lake?

Options:

A. Netflow Collector

B. Syslog Collector

C. DB Collector

D. Pathfinder