PCDRA: Palo Alto Networks Certified Detection And Remediation Analyst

Exam Questions: 91
Learners: 2,370
Last Updated: April 2025
Language: English
Quizzes: 3
This study guide should help you understand what to expect on the exam and includes a summary of the topics the exam might cover and links to additional resources. The information and materials in this document should help you focus your studies as you prepare for the exam.

Related questions

Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?


You can star security events in which two ways? (Choose two.)


When reaching out to TAC for additional technical support related to a Security Event, what are two critical pieces of information you need to collect from the Agent? (Choose two.)


Cortex XDR is deployed in the enterprise and you notice a Cobalt Strike attack via an ongoing supply chain compromise was prevented on one server. What steps can you take to ensure the same protection is extended to all your servers?


Which statement best describes how Behavioral Threat Protection (BTP) works?


When is the wss (WebSocket Secure) protocol used?


Why would one threaten to encrypt a hypervisor or, potentially, multiple virtual machines running on a server?


The Cortex XDR console has triggered an incident, blocking a vitally important piece of software in your organization that is known to be benign. Which of the following options would prevent Cortex XDR from blocking this software in the future, for all endpoints in your organization?

A. Create an individual alert exclusion.
B. Create a global inclusion.
C. Create an endpoint-specific exception.
D. Create a global exception.
Suggested answer: D
Explanation:

A global exception is a rule that allows you to exclude specific files, processes, or behaviors from being blocked or detected by Cortex XDR. A global exception applies to all endpoints in your organization that are protected by Cortex XDR. Creating a global exception for a vitally important piece of software that is known to be benign would prevent Cortex XDR from blocking this software in the future, for all endpoints in your organization.

To create a global exception, you need to follow these steps:

In the Cortex XDR management console, go to Policy Management > Exceptions and click Add Exception.

Select the Global Exception option and click Next.

Enter a name and description for the exception and click Next.

Select the type of exception you want to create, such as file, process, or behavior, and click Next.

Specify the criteria for the exception, such as file name, hash, path, process name, command line, or behavior name, and click Next.

Review the summary of the exception and click Finish.

Reference:

Create Global Exceptions: This document explains how to create global exceptions to exclude specific files, processes, or behaviors from being blocked or detected by Cortex XDR.

Exceptions Overview: This document provides an overview of exceptions and how they can be used to fine-tune the Cortex XDR security policy.

asked 23/09/2024 by Franklin Adama

What is the purpose of the Cortex Data Lake?

A. a local storage facility where your logs and alert data can be aggregated
B. a cloud-based storage facility where your firewall logs are stored
C. the interface between firewalls and the Cortex XDR agents
D. the workspace for your Cortex XDR agents to detonate potential malware files
Suggested answer: B
Explanation:

The purpose of the Cortex Data Lake is to provide a cloud-based storage facility where your firewall logs are stored. Cortex Data Lake is a service that collects, transforms, and integrates your enterprise's security data to enable Palo Alto Networks solutions. It powers AI and machine learning, detection accuracy, and app and service innovation. Cortex Data Lake automatically collects, integrates, and normalizes data across your security infrastructure, including your next-generation firewalls, Prisma Access, and Cortex XDR. With unified data, you can run advanced AI and machine learning to radically simplify security operations with apps built on Cortex. Cortex Data Lake is available in multiple regions and supports data residency and privacy requirements.

Reference:

Cortex Data Lake - Palo Alto Networks

Cortex Data Lake, the technology behind Cortex XDR - Palo Alto Networks

CORTEX DATA LAKE - Palo Alto Networks

Sizing for Cortex Data Lake Storage - Palo Alto Networks

asked 23/09/2024 by Keith Barker

Under which conditions is Local Analysis invoked to evaluate a file before the file is allowed to run?
