Free Access to PaloAltoNetworks.PCDRA.v2022-03-01.q20 with Valid Practice Test (Page 2)

Question 1

What is the outcome of creating and implementing an alert exclusion?

A.The Cortex XDR console will hide those alerts.
B.The Cortex XDR console will delete those alerts and block ingestion of them in the future.
C.The Cortex XDR agent will allow the process that was blocked to run on the endpoint.
D.The Cortex XDR agent will not create an alert for this event in the future.

Question 2

As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?

A.Enable DLL Protection on all servers but there might be some false positives.
B.Create IOCs of the malicious files you have found to prevent their execution.
C.Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.
D.Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.

Question 3

Which type of BIOC rule is currently available in Cortex XDR?

A.Network
B.Dropper
C.Discovery
D.Threat Actor

Question 4

In incident-related widgets, how would you filter the display to only show incidents that were "starred"?

A.Create a custom XQL widget
B.This is not currently supported
C.Create a custom report and filter on starred incidents
D.Click the star in the widget

Question 5

If you have an isolated network that is prevented from connecting to the Cortex Data Lake, which type of Broker VM setup can you use to facilitate the communication?

A.Broker VM Syslog Collector
B.Local Agent Proxy
C.Local Agent Installer and Content Caching
D.Broker VM Pathfinder

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File