Free Palo Alto Networks Certified Detection and Remediation Analyst Exam PCDRA Exam Practice Test

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

• causality_chain
• endpoint_name
• threat_event
• event_type

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate. Which statement is correct for the incident?

• It is true positive.
• It is false positive.
• It is a false negative.
• It is true negative.

You can star security events in which two ways? (Choose two.)

• Create an alert-starring configuration.
• Create an Incident-starring configuration.
• Manually star an alert.
• Manually star an Incident.

If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?

• Broker VM Pathfinder
• Local Agent Proxy
• Local Agent Installer and Content Caching
• Broker VM Syslog Collector

What is by far the most common tactic used by ransomware to shut down a victim's operation?

• preventing the victim from being able to access APIs to cripple infrastructure
• denying traffic out of the victims network until payment is received
• restricting access to administrative accounts to the victim
• encrypting certain files to prevent access by the victim

Which of the following represents the correct relation of alerts to incidents?

• Only alerts with the same host are grouped together into one Incident in a given time frame.
• Alerts that occur within a three-hour time frame are grouped together into one Incident.
• Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.
• Every alert creates a new Incident.

What is the maximum number of agents one Broker VM local agent applet can support?

• 5,000
• 10,000
• 15,000
• 20,000

When using the ''File Search and Destroy'' feature, which of the following search hash type is supported?

• SHA256 hash of the file
• AES256 hash of the file
• MD5 hash of the file
• SHA1 hash of the file

Which of the following Live Terminal options are available for Android systems?

• Live Terminal is not supported.
• Stop an app.
• Run APK scripts.
• Run Android commands.

Network attacks follow predictable patterns. If you interfere with any portion of this pattern, the attack will be neutralized. Which of the following statements is correct?

• Cortex XDR Analytics allows to interfere with the pattern as soon as it is observed on the firewall.
• Cortex XDR Analytics does not interfere with the pattern as soon as it is observed on the endpoint.
• Cortex XDR Analytics does not have to interfere with the pattern as soon as it is observed on the endpoint in order to prevent the attack.
• Cortex XDR Analytics allows to interfere with the pattern as soon as it is observed on the endpoint.