Free Palo Alto Networks Certified Detection and Remediation Analyst Exam PCDRA Exam Practice Test

Which search methods is supported by File Search and Destroy?

• File Seek and Destroy
• File Search and Destroy
• File Seek and Repair
• File Search and Repair

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

• mark the incident as Unresolved
• create a BIOC rule excluding this behavior
• create an exception to prevent future false positives
• mark the incident as Resolved -- False Positive

What functionality of the Broker VM would you use to ingest third-party firewall logs to the Cortex Data Lake?

• Netflow Collector
• Syslog Collector
• DB Collector
• Pathfinder

Which type of IOC can you define in Cortex XDR?

• Destination IP Address
• Source IP Address
• Source port
• Destination IP Address: Destination

What is the standard installation disk space recommended to install a Broker VM?

• 1GB disk space
• 2GB disk space
• 512GB disk space
• 256GB disk space

Which function describes the removal of a specific file from its location on a local or removable drive to a protected folder to prevent the file from being executed?

• Search & destroy
• Isolation
• Quarantine
• Flag for removal

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate. Which statement is correct for the incident?

• It is true positive.
• It is false positive.
• It is a false negative.
• It is true negative.

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?

• Hash Verdict Determination
• Behavioral Threat Protection
• Restriction Policy
• Child Process Protection

What is the purpose of targeting software vendors in a supply-chain attack?

• to take advantage of a trusted software delivery method.
• to steal users' login credentials.
• to access source code.
• to report Zero-day vulnerabilities.

Which statement best describes how Behavioral Threat Protection (BTP) works?

• BTP injects into known vulnerable processes to detect malicious activity.
• BTP runs on the Cortex XDR and distributes behavioral signatures to all agents.
• BTP matches EDR data with rules provided by Cortex XDR.
• BTP uses machine Learning to recognize malicious activity even if it is not known.