PCDRA Best Training Material and Practice Test Q&A from CertLibrary.com

Question 1

What is by far the most common tactic used by ransomware to shut down a victim’s operation?

A. preventing the victim from being able to access APIs to cripple infrastructure
B. denying traffic out of the victims network until payment is received
C. restricting access to administrative accounts to the victim
D. encrypting certain files to prevent access by the victim

Answer : D

Question 2

Cortex XDR Analytics can alert when detecting activity matching the following MITRE ATT&CKTM techniques.

A. Exfiltration, Command and Control, Collection
B. Exfiltration, Command and Control, Privilege Escalation
C. Exfiltration, Command and Control, Impact
D. Exfiltration, Command and Control, Lateral Movement

Answer : D

Question 3

When selecting multiple Incidents at a time, what options are available from the menu when a user right-clicks the incidents? (Choose two.)

A. Assign incidents to an analyst in bulk.
B. Change the status of multiple incidents.
C. Investigate several Incidents at once.
D. Delete the selected Incidents.

Answer : AB

Question 4

A file is identified as malware by the Local Analysis module whereas WildFire verdict is Benign, Assuming WildFire is accurate. Which statement is correct for the incident?

A. It is true positive.
B. It is false positive.
C. It is a false negative.
D. It is true negative.

Answer : B

Question 5

What is the outcome of creating and implementing an alert exclusion?

A. The Cortex XDR agent will allow the process that was blocked to run on the endpoint.
B. The Cortex XDR console will hide those alerts.
C. The Cortex XDR agent will not create an alert for this event in the future.
D. The Cortex XDR console will delete those alerts and block ingestion of them in the future.

Answer : B

Question 6

Which statement is true for Application Exploits and Kernel Exploits?

A. The ultimate goal of any exploit is to reach the application.
B. Kernel exploits are easier to prevent then application exploits.
C. The ultimate goal of any exploit is to reach the kernel.
D. Application exploits leverage kernel vulnerability.

Answer : A

Question 7

To create a BIOC rule with XQL query you must at a minimum filter on which field in order for it to be a valid BIOC rule?

A. causality_chain
B. endpoint_name
C. threat_event
D. event_type

Answer : D

Question 8

Which of the following is an example of a successful exploit?

A. connecting unknown media to an endpoint that copied malware due to Autorun.
B. a user executing code which takes advantage of a vulnerability on a local service.
C. identifying vulnerable services on a server.
D. executing a process executable for well-known and signed software.

Answer : C

Question 9

Which of the following represents the correct relation of alerts to incidents?

A. Only alerts with the same host are grouped together into one Incident in a given time frame.
B. Alerts that occur within a three hour time frame are grouped together into one Incident.
C. Alerts with same causality chains that occur within a given time frame are grouped together into an Incident.
D. Every alert creates a new Incident.

Answer : A

Question 10

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?

A. Hash Verdict Determination
B. Behavioral Threat Protection
C. Restriction Policy
D. Child Process Protection

Answer : B

Question 11

While working the alerts involved in a Cortex XDR incident, an analyst has found that every alert in this incident requires an exclusion. What will the Cortex XDR console automatically do to this incident if all alerts contained have exclusions?

A. mark the incident as Unresolved
B. create a BIOC rule excluding this behavior
C. create an exception to prevent future false positives
D. mark the incident as Resolved – False Positive

Answer : D

Question 12

Network attacks follow predictable patterns. If you interfere with any portion of this pattern, the attack will be neutralized. Which of the following statements is correct?

A. Cortex XDR Analytics allows to interfere with the pattern as soon as it is observed on the firewall.
B. Cortex XDR Analytics does not interfere with the pattern as soon as it is observed on the endpoint.
C. Cortex XDR Analytics does not have to interfere with the pattern as soon as it is observed on the endpoint in order to prevent the attack.
D. Cortex XDR Analytics allows to interfere with the pattern as soon as it is observed on the endpoint.

Answer : A

Question 13

After scan, how does file quarantine function work on an endpoint?

A. Quarantine takes ownership of the files and folders and prevents execution through access control.
B. Quarantine disables the network adapters and locks down access preventing any communications with the endpoint.
C. Quarantine removes a specific file from its location on a local or removable drive to a protected folder and prevents it from being executed.
D. Quarantine prevents an endpoint from communicating with anything besides the listed exceptions in the agent profile and Cortex XDR.

Answer : C

Question 14

Which two types of exception profiles you can create in Cortex XDR? (Choose two.)

A. exception profiles that apply to specific endpoints
B. agent exception profiles that apply to specific endpoints
C. global exception profiles that apply to all endpoints
D. role-based profiles that apply to specific endpoints

Answer : AC

Question 15

Which profiles can the user use to configure malware protection in the Cortex XDR console?

A. Malware Protection profile
B. Malware profile
C. Malware Detection profile
D. Anti-Malware profile

Answer : B

Palo Alto Networks Certified Detection and Remediation Analyst v1.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!